Discussion:
setup transparent proxy for thinclients webtraffic
j***@telenet.be
2013-07-18 15:01:52 UTC
Permalink
Dear All,

I'm setting up a K12Linux server, that also acts as a router/Firewall for some laptops and workstations.
So I 've set up a transparent proxy, Squid, for all traffic passing through the box, in order to monitor and control the network traffic.

But I can't find out how to also reroute al the traffic from the thinclients to Squid as well.

Does anybody know how to do that?

Thanks for any advice.

Greetings, J.




iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.0.1:3128 - See more at: http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/#sthash.ZGWLthug.dpuf


iptables - t nat - A PREROUTING - i eth1 - p tcp -- dport 80 - j DNAT -- to 10.0 . 0.1 : 3128 iptables - t nat - A PREROUTING - i eth0 - p tcp -- dport 80 - j REDIRECT -- to - port 3128 iptables - I INPUT - s 10.0 . 0.0 / 8 - p tcp -- dport 3128 - j ACCEPT - See more at: http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/#sthash.ZGWLthug.dpuf


iptables - t nat - A PREROUTING - i eth1 - p tcp -- dport 80 - j DNAT -- to 10.0 . 0.1 : 3128 iptables - t nat - A PREROUTING - i eth0 - p tcp -- dport 80 - j REDIRECT -- to - port 3128 iptables - I INPUT - s 10.0 . 0.0 / 8 - p tcp -- dport 3128 - j ACCEPT - See more at: http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/#sthash.ZGWLthug.dpuf
Burke Almquist
2013-07-18 23:26:31 UTC
Permalink
Post by j***@telenet.be
Dear All,
I'm setting up a K12Linux server, that also acts as a router/Firewall for some laptops and workstations.
So I 've set up a transparent proxy, Squid, for all traffic passing through the box, in order to monitor and control the network traffic.
But I can't find out how to also reroute al the traffic from the thinclients to Squid as well.
Does anybody know how to do that?
Thanks for any advice.
Greetings, J.
Thin clients are just displaying a remote session that is actually occurring on the server. As such, any traffic generated by these programs is being generated from the server, not the thin client. The only exceptions to this would be anything running as a local app, and the LTSP session traffic that goes between the server and the thin clients. That traffic comes from programs running on the thin client, so that traffic actually is coming from the thin client.
j***@telenet.be
2013-07-19 09:55:27 UTC
Permalink
----- Oorspronkelijk e-mail -----
Van: "Burke Almquist" <***@thealmquists.net>
Aan: "Support list for open source software in schools." <***@redhat.com>
Verzonden: Vrijdag 19 juli 2013 01:26:31
Onderwerp: Re: [K12OSN] setup transparent proxy for thinclients webtraffic

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by j***@telenet.be
Dear All,
I'm setting up a K12Linux server, that also acts as a router/Firewall for some laptops and workstations.
So I 've set up a transparent proxy, Squid, for all traffic passing through the box, in order to monitor and control the network traffic.
But I can't find out how to also reroute al the traffic from the thinclients to Squid as well.
Does anybody know how to do that?
Thanks for any advice.
Greetings, J.
Thin clients are just displaying a remote session that is actually occurring on the server. As such, any traffic generated by these programs is being generated from the server, not the thin client. The only exceptions to this would be anything running as a local app, and the LTSP session traffic that goes between the server and the thin clients. That traffic comes from programs running on the thin client, so that traffic actually is coming from the thin client.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAlHoeagACgkQxWV7OPa/g5G9uwCfWTsoOtwxzOhE1qJoeJG8RTon
7xQAniWDxjpJsQulI/4u/taGhtLOSviC
=YLzd
-----END PGP SIGNATURE-----

Hello,

Thanks for you answer.

I know, and that is exactly my problem.
I was able to set up transparent proxy with Squid for traffic on the lan, but the thinclients don't generate traffic on the lan,
but on the server itself.
And I can't find anywhere how to direct that traffic to Squid as well :-)

greetings, J.
_______________________________________________
K12OSN mailing list
***@redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
Barry Cisna
2013-07-19 11:23:53 UTC
Permalink
Johan,

As stated by someone earlier in this thread the only way you can make
squid work either transparent or manually is to run Firefox as a local
app on each TC so it has "a port to pass through" back and forth from
server to TC.

Running squid with squidGuard you need to add the following two rules to
iptables / nat:


-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j DNAT --to
192.168.67.1:3128

-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports
3128

# Note eth0 is WAN & eth1 is LAN in this example.

Take Care,
Barry
b***@thealmquists.net
2013-07-19 13:03:47 UTC
Permalink
You could set the Firefox settings on the server to use the proxy manually. I think there's a system wide place you can set that for all http traffic for all users.

----- Reply message -----
From: ***@telenet.be
To: "Support list for open source software in schools." <***@redhat.com>
Subject: [K12OSN] setup transparent proxy for thinclients webtraffic
Date: Fri, Jul 19, 2013 4:55 AM




----- Oorspronkelijk e-mail -----
Van: "Burke Almquist" <***@thealmquists.net>
Aan: "Support list for open source software in schools." <***@redhat.com>
Verzonden: Vrijdag 19 juli 2013 01:26:31
Onderwerp: Re: [K12OSN] setup transparent proxy for thinclients webtraffic

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by j***@telenet.be
Dear All,
I'm setting up a K12Linux server, that also acts as a router/Firewall for some laptops and workstations.
So I 've set up a transparent proxy, Squid, for all traffic passing through the box, in order to monitor and control the network traffic.
But I can't find out how to also reroute al the traffic from the thinclients to Squid as well.
Does anybody know how to do that?
Thanks for any advice.
Greetings, J.
Thin clients are just displaying a remote session that is actually occurring on the server. As such, any traffic generated by these programs is being generated from the server, not the thin client. The only exceptions to this would be anything running as a local app, and the LTSP session traffic that goes between the server and the thin clients. That traffic comes from programs running on the thin client, so that traffic actually is coming from the thin client.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAlHoeagACgkQxWV7OPa/g5G9uwCfWTsoOtwxzOhE1qJoeJG8RTon
7xQAniWDxjpJsQulI/4u/taGhtLOSviC
=YLzd
-----END PGP SIGNATURE-----

Hello,

Thanks for you answer.

I know, and that is exactly my problem.
I was able to set up transparent proxy with Squid for traffic on the lan, but the thinclients don't generate traffic on the lan,
but on the server itself.
And I can't find anywhere how to direct that traffic to Squid as well :-)

greetings, J.
_______________________________________________
K12OSN mailing list
***@redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

Loading...