
Transparent Proxy Server ... IPTABLES

Status
Not open for further replies.

bitwise

Programmer
Mar 15, 2001
269
US
I'm trying to set up a linux router (Red Hat 9) to forward all web requests from our clients on port 80 to an external proxy server. Everything is working (routing wise) aside from the transparent proxy forwarding. On a client...if I enter the proxy settings in Internet Explorer I can browse the internet just fine and this is expected. However, if I remove the proxy settings it doesn't work. Here is the IPTABLES command I'm trying to use to do the forwarding:

# Redirect client web traffic (anything not already addressed to the proxy) to the proxy on port 8080.
# Note: "-s ! addr" is the old pre-1.4 iptables negation syntax; current releases write "! -s addr".
$IPTABLES -t nat -A PREROUTING -i $INTERNAL -s ! 168.94.74.68 -p tcp --dport 80 -j DNAT --to 168.94.74.68:8080
# Masquerade the redirected connections as they leave towards the proxy. The rule as originally
# posted used "-o $INTERNAL", which never matches because traffic to 168.94.74.68 leaves via $EXTERNAL.
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -s 192.168.0.0/24 -d 168.94.74.68 -j MASQUERADE
# Allow the DNATed connections through the FORWARD chain.
$IPTABLES -A FORWARD -s 192.168.0.0/24 -d 168.94.74.68 -i $INTERNAL -o $EXTERNAL -p tcp --dport 8080 -j ACCEPT

The ERROR I'm getting is:

"HTTP 502 Proxy Error - The Uniform Resource Locator (URL)
does not use a recognized protocol. Either the protocol is
not supported or the request was not typed correctly.
Confirm that a valid protocol is in use (for example, HTTP
for a Web request). (12006)
Internet Security and Acceleration Server"

Any thoughts?
-bitwise
 
The Masquerade line is extraneous unless you are not otherwise natting outgoing traffic from this subnet. Hmm. The ISA server complaining about malformed URLs is interesting.

When in doubt, log. Create user chains that perform the forwarding and DNAT stuff and then a log directive before the active DNAT and forwarding portions. That way you can see what is going on at both ends. The reason I suggest user-defined chains is that they can be more easily added and refined than creating a spaghetti load of rules in each major chain.
 
I believe the browser talks to a proxy differently than it talks to a simple server, so pointing it at the proxy is not a valid test that it will work with a normal http request sent to it. You can have a server running a web server *and* proxying requests, so there is something in the protocol to request a forward action.
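The protocol difference described in the reply above, as an added example that is not part of the thread: a proxy-configured browser sends the absolute form "GET http://host/path", while packets DNATed from port 80 carry the origin form "GET /path" plus a Host header. The two routing functions below are illustrative, not ISA Server's code; a strict forward proxy rejects the origin form (the 502 seen in the original post), while an intercepting proxy rebuilds the URL from the Host header. Host names and requests are constructed for the demo.

```python
from urllib.parse import urlsplit

def parse_request(raw: bytes) -> dict:
    """Split an HTTP request head into method, target, version and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}

def forward_proxy_route(req: dict) -> tuple:
    """Strict forward-proxy behaviour: the request target itself must carry scheme and host."""
    parts = urlsplit(req["target"])
    if parts.scheme != "http" or not parts.netloc:
        # Origin-form target: no protocol and no host, so nothing the proxy can connect to.
        return (502, "URL does not use a recognized protocol")
    return (200, (parts.hostname, parts.port or 80, parts.path or "/"))

def intercepting_proxy_route(req: dict) -> tuple:
    """Transparent-capable behaviour: fall back to the Host header to rebuild the origin."""
    status, result = forward_proxy_route(req)
    if status == 200:
        return status, result
    host = req["headers"].get("host")
    if not host:
        return (400, "cannot determine origin without Host header")
    hostname, _, port = host.partition(":")
    return (200, (hostname, int(port) if port else 80, req["target"]))

# Constructed sample requests (not captured from the thread's network).
PROXY_CONFIGURED = b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRANSPARENT_DNAT = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("proxy configured", PROXY_CONFIGURED), ("DNAT redirect", TRANSPARENT_DNAT)):
        req = parse_request(raw)
        print(label, "-> strict forward proxy:", forward_proxy_route(req))
        print(label, "-> intercepting proxy:", intercepting_proxy_route(req))
```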
 