| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11
Comments:
<0> rrohde: a good way to find out is to look at the error message from a non-existent site. Try something like http://lkjhlkjhlkjh.com If you're using a proxy then the error page will tell you
<0> mine has a last line like: Generated Sun, 26 Mar 2006 17:33:31 GMT by localhost.localdomain (squid/2.5.STABLE12)
<1> Firefox can't find the server at www.lkjhlkjhlkjh.com.
<0> if you just get a timeout, or a DNS error, then you're (probably) not using a proxy
<1> well.. firefox shou;dnt answer.. it should be privoxy
<0> rrohde: yeah, that's not using a proxy then
<2> Are you really sure you wanted port 80 requests routed to 8118, then?
<1> ... but it should, as all http stuff is redirected to port 8118
<0> what happens if you explicitly tell firefox to use that machine as a proxy?
<0> make sure the proxy works as expected before you try to make it transparent
<1> smsie, then it works.. of course :) But I like to have a transparent prox
<3> Hello
<0> okay. How is the proxy managing to get to port 80 then? Has that been allowed to get out itself?
<1> smsie, hmm.. I *think* so
<2> I wonder if I put the -d in the wrong place...
<1> I mean.. it works when I specify firefox to use privoxy
<0> rrohde: well, check. Try getting to web somewhere from the machine the proxy is running on
<0> ah
<1> smsie, that works.
<0> that sounds like it is working then
<2> iptables -t nat -A PREROUTING -p tcp -d <your ip>/32 --dport 80 -j REDIRECT Should-dBeHere? --to-ports 8118
<0> rrohde: without seeing your ruleset, I don't know what else to suggest
<2> No, well
<2> No
<4> neuron: sry i logout by acident... how do i make /mnt/ntfs unlocked so i can exlpore from kde
<2> No, I got it right.
<2> I think...
<1> $IPTABLES -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -s 192.168.0.0/32 -j REDIRECT --to-ports 8118
<0> oogle: that's just Plain Wrong. Hush now
<2> Just plain wrong?
<5> AstrialPhant: well it is unlocked... but how are you trying to explore it? user?
<0> rrohde: ah, redirect to a host:port, not just to a port
<2> Source, source, source
<1> smsie: either way it doesn't work
<4> ya i wanna make it unlocked for my account
<0> rrohde: what you pasted redirects to the host the request was for orriginally, it just changes the port
<0> rrohde: what you pasted definitely won't work anyway
<1> Chain PREROUTING (policy ACCEPT)
<1> target prot opt source destination
<1> REDIRECT tcp -- 192.168.0.0 anywhere tcp dpt:http redir ports 8118
<2> yeah it will.
<2> We
<5> AstrialPhant: do you have root access to the machine?
<1> I am confused now :)
<2> er
<2> no
<2> 127.0.0.1
<2> right?
<4> yes i do
<0> rrohde: $IPTABLES -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -s 192.168.0.0/32 -j DNAT --to 192.168.0.20:22
<0> rrohde: something like will probably work
<2> oh
<2> No
<1> I thought the --to-ports can only take port numbers?
<0> rrohde: replace 192.168.0.20:22 with the IP:port of the proxy machine
<0> rrohde: this is DNAT, not REDIRECT
<1> let's try DNAT then :)
<0> oogle: please either make sense or be quiet
<6> how can i turn off my monitor with a key press?
<5> asign it to run xset dpms force off
<1> Chain PREROUTING (policy ACCEPT)
<1> target prot opt source destination
<1> DNAT tcp -- 192.168.0.0 anywhere tcp dpt:http to:192.168.0.1:8118
<0> rrohde: that looks reasonable, yes
<1> ^^ it's still firefox answering to a bogus address... not privoxy.. what now?
<6> synaptic: how exactly do i do that?
<0> rrohde: ah
<0> rrohde: 192.168.0.0/32?? try /24
<1> smsie, I am close, I feel it :)
<0> /32 is wrong
<6> synaptic: i mean in console, i dont have x
<1> smsie, is it?
<0> rrohde: yes. /32 is a single host. /24 is a cl*** C network
<3> how do I backup something trough ssh to another host ?
<6> sftp
<6> or scp
<3> not that
<6> or rsync
<7> How about something like: iptables -t nat -A PREROUTING -p tcp ! -i lo --dport 80 -j REDIRECT --to-port 8118
<3> I mean _trough_ ssh
<6> yes
<3> because I don't have the space to create an archive locally
<6> sftp is using ssh
<0> kittenZzZ: that will also redirect the proxy when it tries to fulfil the request won't it?
<1> smsie, same thing... even with /24
<6> or at least the protocol
<6> so is scp
<7> smsie: I'm thinking that the '! -i lo' will take care of it
<0> rrohde: is privoxy doing the DNS lookups?
<1> smsie, well.. there IS a difference now... all pages come up blank... :)
<0> kittenZzZ: privoxy won't be using lo to fill the requests will it?
<1> nor error message. just blank pages.
<0> rrohde: well, that's progress then :)
<7> smsie: privoxy is running on the local machine, isn't it ?
<0> rrohde: does privoxy log somewhere?
<0> can you see the requests get logged?
<7> (the same machine as the firewall rules are on...)
<0> kittenZzZ: yes. But it still need to use an interface other than loopback to get to the internet
<7> smsie: I think you spotted my thinko :)
<0> rrohde: ah. privoxy can't get to the internet to fulfil those requests
<1> smsie, well.. I used squid now for testing, and squid doesn't find the pages at all.
<1> Generated Sun, 26 Mar 2006 17:42:19 GMT by linuxserver.rohde.net (squid/2.5.STABLE6)
<7> smsie: Lemme just do a little test here.
<0> rrohde: you need to have a rule *before* that one that explicitly allows port 80 from 192.168.0.1
<1> smsie, I see
<2> you need /32
<2> silly billies.
<0> rrohde: that rule stops any request leaving from 192.168.0.0/24 and redirects it to 8118. Either do it per interface (if you have an interface that is dedicated to inside and one dedicated to outside) or explicitly allow 192.168.0.1 to get to port 80
<0> oogle: no you don't. Be quiet please
<1> $IPTABLES -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -s 192.168.0.1 -j ACCEPT
<1> $IPTABLES -t nat -A PREROUTING -p tcp -i $INTIF --dport 80 -s 192.168.0.0/24 -j DNAT --to 192.168.0.1:3128
<1> ^^ like so?
<8> oogle: why don't you join #linux, they love jokers in there?
<0> rrohde: looks reasonable
<2> I'm not joking
<1> testing
<0> if he acts like that in #linux I'll boot him out so fast he'll be eating his sphincter!
<2> Any incoming port 80 is going to crash and burn from the outside from what I understand
<8> smsie :)
<1> The requested URL could not be retrieved <<-- still no joy
<0> rrohde: I thought this was a bogus URL?
<0> try google?
<5> oogle: stop doing this, it's stupid
<1> no.. this is a realy one now :)
<1> *real
<0> rrohde: ah. Does the privoxy log show anything at all?
<7> smsie: Locally generated packets don't traverse nat/PREROUTING, they traverse nat/OUTPUT ?
<1> smsie, well, I switched to squid for testing. I will look into the logs
<0> kittenZzZ: that's very true. But this box has two ideas of "local", one for the LAN and one for the internet. LAN->Internet should go via PREROUTING AIUI? I could be wrong there though
<1> well.. to clear things up.. the Linuxbox I am working on is the gateway to the clients behind it, and I would like to force the clients to use a proxy... So I think that PREROUTING is the way to go.. no?
<0> rrohde: yes
<1> smsie, at least the proxy anwsers now :)
<0> rrohde: there is a transparent proxying HOWTO out there somewhere
<0> rrohde: excellent :)
<1> 143395295.046 0 192.168.0.10 TCP_DENIED/400 1435 GET / - NONE/- text/html
<7> smsie: That sounds right to me.
<1> that's in the logs
<0> rrohde: an empty request?
<1> dunno
<0> looks strange
<1> that's what I am getting for each attempt
<0> interesting
<0> I have no idea why though
<1> smsie, that's the page I am getting in firefox:
<1> While trying to retrieve the URL: /
<1> The following error was encountered:
<1> * Invalid URL
<0> rrohde: what URL were you trying to get?
<1> www.simhq.com, for example
Return to
#linuxhelp
or
Go to some related
logs:
#linux
#london
kmiror sex
beep through internal speaker
delbarinu
#linux
d'ou es-tu
#AllNiteCafe
suge pule
#networking
|
|