HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
All times are UTC + 2 hours [ DST ]
PostPosted: 10 Apr 2006 15:12 

Joined: 23 Mar 2006 17:00
Posts: 14
I have a problem regarding transparent proxy.
My HAVP config is as follows:
client>>havp>>squid>>internet
As I have iptables on the same machine, I'm using the following iptables configs.

1> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

2> iptables -A INPUT -i eth1 -p tcp -s 10.10.136.253/8 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT

Now as I use squid as parent proxy I've tried the following configuration, as the reply hits squid first

1> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

2> iptables -A INPUT -i eth1 -p tcp -s 10.10.136.253/8 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

but neither works; moreover, I'm getting an invalid request error.


PostPosted: 10 Apr 2006 15:15
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
If you get an invalid request error, then I would assume your browser still has a proxy set? TRANSPARENT should be true, and the browser should not have any proxy set.

Cheers,
Henrik


 Post subject: Again probs
PostPosted: 10 Apr 2006 17:48 

Joined: 23 Mar 2006 17:00
Posts: 14
I've checked all the browser stuff and played with iptables also.
I'm tracing the packets, but the packets are getting dropped.
Any other way... as I have tried the same thing with squid alone.
--piyush--


PostPosted: 10 Apr 2006 18:35
HAVP Maintainer

Joined: 27 Feb 2006 19:08
Posts: 62
I guess the iptables OUTPUT rule is missing.


PostPosted: 10 Apr 2006 18:40
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
To be clear.. when are you getting the invalid request error? With or without a proxy set in the browser? I can't tell from your description whether you have a network or an HAVP configuration error.

Cheers,
Henrik


PostPosted: 11 Apr 2006 15:01

Joined: 23 Mar 2006 17:00
Posts: 14
Hello

I'm getting that invalid request error with the browser setting enabled, and that's obvious.

But when I use squid alone with iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128 it works fine transparently, but the same thing works neither for HAVP alone nor for HAVP + squid.

What should my iptables output be?


PostPosted: 11 Apr 2006 15:09
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
There is nothing else you need besides:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Obviously you have something wrong with the client<->server iptables setup if it doesn't work. See that both INPUT/OUTPUT are allowed to/from clients. I can't help you any more as I don't know your whole iptables setup.

Cheers,
Henrik


PostPosted: 11 Apr 2006 17:15

Joined: 23 Mar 2006 17:00
Posts: 14
I'm using squid, iptables and HAVP on the same machine with one ethernet card on my LAN.

I've flushed my firewall and then added the following iptables rule..

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
which is the only rule in my iptables.

I set TRANSPERENTPROXY to true and start HAVP, then I test from another machine with its default gateway set to my machine and try to open a webpage, which is unsuccessful.

Below is my ethereal output...
77 192.041702 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
78 192.790200 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
79 193.540168 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
80 194.170409 10.10.136.52 -> 10.255.255.255 SMB_NETLOGON SAM LOGON request from client
81 194.296885 10.10.136.47 -> 10.10.136.253 DNS Standard query A www.winamp.com
82 194.296939 10.10.136.253 -> 10.10.136.47 ICMP Destination unreachable (Port unreachable)
83 194.297205 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
84 195.040119 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
85 195.790080 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>
86 197.040423 Executon_02:bd:2c -> RealtekS_21:8e:f8 ARP Who has 10.10.136.47? Tell 10.10.136.253
87 197.040506 RealtekS_21:8e:f8 -> Executon_02:bd:2c ARP 10.10.136.47 is at 00:e0:4c:21:8e:f8

where 10.10.136.253 is the IP of the squid/HAVP/iptables machine and 10.10.136.47 is the machine I test from.

I have tried both with squid as parent proxy and without. The strange thing is that I can run squid in transparent mode alone with the same settings.

Any way you can help?
:(
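
The capture above contains no TCP or HTTP frames at all, so the PREROUTING REDIRECT rule never saw a port-80 packet it could act on. What it does show, in frames 81 and 82, is the client asking 10.10.136.253 for DNS and getting ICMP port unreachable back, which means nothing was listening on UDP 53 on that box; the browser fails at name resolution before any HTTP connection is attempted. The shell check below is an added example, not something from the thread or the HAVP project. It reads an ethereal one-line summary in the field layout pasted above and reports exactly those two things; the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: reads an ethereal one-line summary on stdin and reports
#   1. how many TCP or HTTP frames it contains (none means no port-80 traffic
#      ever reached the box, so a PREROUTING REDIRECT rule had nothing to act on)
#   2. DNS queries answered with ICMP "Port unreachable", i.e. the client is
#      pointed at a DNS server that runs no resolver on UDP 53.
# Summary field layout, as pasted in the thread:
#   <frame> <time> <src> -> <dst> <proto> <info...>
check_capture() {
    awk '
        $6 == "DNS" && $7 == "Standard" && $8 == "query" {
            # remember the name this client asked this server for
            pending[$3 "|" $5] = $NF
        }
        $6 == "ICMP" && /Port unreachable/ {
            # the ICMP error travels server -> client, so swap the pair
            key = $5 "|" $3
            if (key in pending) {
                printf "dns-unreachable: %s asked %s for %s, got ICMP port unreachable\n", $5, $3, pending[key]
                delete pending[key]
            }
        }
        $6 == "TCP" || $6 == "HTTP" { frames++ }
        END { printf "tcp-or-http-frames: %d\n", frames + 0 }
    '
}

# Sample input: frames 81-83 copied from the capture in the thread.
SAMPLE='81 194.296885 10.10.136.47 -> 10.10.136.253 DNS Standard query A www.winamp.com
82 194.296939 10.10.136.253 -> 10.10.136.47 ICMP Destination unreachable (Port unreachable)
83 194.297205 10.10.136.47 -> 10.255.255.255 NBNS Name query NB WWW.WINAMP.COM<00>'

# Usage:
#   printf '%s\n' "$SAMPLE" | check_capture
```

On the sample this prints one dns-unreachable line for 10.10.136.47 and a TCP/HTTP frame count of 0. A count of zero is the quick way to tell a firewall or redirect problem apart from a client that never gets as far as opening the connection.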


PostPosted: 11 Apr 2006 17:27
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
So what are your INPUT/OUTPUT rules?

# iptables -v -L

Cheers,
Henrik


PostPosted: 12 Apr 2006 11:58

Joined: 23 Mar 2006 17:00
Posts: 14
Hello
This is the output of iptables -t nat -nL

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Now what should my INPUT and OUTPUT rules be? I only want to add rules regarding HAVP as I get confused with these rules.

--Piyush--


PostPosted: 12 Apr 2006 12:06
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
piyush wrote:
Now what should my INPUT and OUTPUT rules be? I only want to add rules regarding HAVP as I get confused with these rules.


Are your INPUT and OUTPUT allowed by default? What do you have there?

Show me iptables -v -L, not the nat..

Cheers,
Henrik


PostPosted: 12 Apr 2006 14:33

Joined: 23 Mar 2006 17:00
Posts: 14
hello,
iptables -v -L

Chain INPUT (policy ACCEPT 1387 packets, 122K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 any anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:webcache
0 0 ACCEPT tcp -- eth0 any anywhere anywhere state RELATED,ESTABLISHED tcp spt:www

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1376 packets, 112K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any eth0 anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:www
0 0 ACCEPT tcp -- any eth0 anywhere anywhere state RELATED,ESTABLISHED tcp spt:www

and iptables -t nat -nL is..
iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

--piyush--


PostPosted: 12 Apr 2006 14:42
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Ah I think I know why it didn't work..

You should do it something like this:

iptables -t nat -A PREROUTING -i eth1 -s ! 10.10.136.253 -p tcp --dport 80 -j REDIRECT --to-port 8080

Because otherwise when HAVP/Squid wants to connect to port 80, it will loop again, creating an infinite loop.. you have to exclude your own server.

(You might have to put \! instead of ! if the shell complains)

Cheers,
Henrik


PostPosted: 12 Apr 2006 14:47
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
And I assumed clients come from eth1 and the server connects to the internet from eth1..

Because usually the internal network comes from, say, eth0, and internet traffic goes to eth1.. then there would be no problems like this.

Cheers,
Henrik


PostPosted: 12 Apr 2006 16:19

Joined: 23 Mar 2006 17:00
Posts: 14
Hello
That doesn't seem to work.
Sorry Henrik, but I made some mistakes..

I have rearranged my network now as below:

Test machine: IP 10.10.136.45/8

My machine (HAVP + iptables): eth0: 10.10.136.253/8
eth1: 10.10.136.199/8

Now the test machine connects to my machine on eth1, with default gateway 10.10.136.199, via a crossover cable, and eth0 connects to my LAN gateway and hence the internet.

I browse from the test machine.
Now can you please tell me what my iptables configuration should be?
And yes, thanks for your continuous replies :)

--piyush--
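
An added worked example for the two-NIC layout in the last post, written for this page and not taken from the thread or the HAVP project. It combines the two points Henrik made above: redirect port 80 only on the interface the clients arrive on (eth1 here, never the Internet-facing eth0), and never redirect traffic whose source is the server's own address. It assumes HAVP listens on 8080 as in the earlier posts and that 10.10.136.199 is the server's address on eth1; the function name havp_transparent_rules and the IPTABLES variable are this example's own. The rules are only printed unless IPTABLES=iptables is set, so the script can be inspected before anything is applied.

```shell
#!/bin/sh
# Added example (not from the thread or the HAVP project): iptables rules for
# the two-NIC layout in the last post. Clients arrive on the LAN interface,
# HAVP listens on HAVP_PORT on the same box, and the other interface carries
# the Internet traffic, so nothing is redirected on it.
# By default the commands are only printed; set IPTABLES=iptables to apply.
havp_transparent_rules() {
    lan_if="$1"     # client-facing interface, e.g. eth1
    lan_ip="$2"     # this server's own address on that interface
    havp_port="$3"  # HAVP's listening port, 8080 in the thread
    ipt="${IPTABLES:-echo iptables}"

    # Clients must be able to reach the redirected port, and HAVP's replies
    # must be allowed back out; this matters when the INPUT/OUTPUT policy is DROP.
    $ipt -A INPUT -i "$lan_if" -p tcp --dport "$havp_port" -m state --state NEW,ESTABLISHED -j ACCEPT
    $ipt -A OUTPUT -o "$lan_if" -p tcp --sport "$havp_port" -m state --state ESTABLISHED -j ACCEPT

    # Redirect port 80 only for traffic entering on the LAN interface and not
    # sourced from this server itself. Current iptables documents the "! -s"
    # form; the "-s !" form used in the thread still works but is flagged as
    # deprecated.
    $ipt -t nat -A PREROUTING -i "$lan_if" ! -s "$lan_ip" -p tcp --dport 80 -j REDIRECT --to-port "$havp_port"
}

# Usage (prints the three commands; run as root with IPTABLES=iptables to apply):
#   havp_transparent_rules eth1 10.10.136.199 8080
```

This set handles HTTP only: it does not forward or masquerade anything else, so the test machine still needs a DNS resolver it can actually reach, and any non-HTTP traffic needs its own FORWARD and NAT rules. With HAVP chained to Squid as parent on the same host, HAVP's connection to Squid's port 3128 is local traffic and is not touched by the PREROUTING rule.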

