I'm not having a very good time with this.
Goal of this whole thing
Set up a squid proxy server so the users can access the internet. # Checked, working
Set up an openvpn server # Linode VPS # checked, working. The openvpn client connects to the openvpn server fine.
http://library.linode.com/networking/openvpn/centos-5
Forward all the users' http requests from the squid server with iptables to the vpn server # not working.
##################################################
Network overview
default gateway 192.168.1.1
##################################################
DHCP / SQUID Proxy Server / Centos 5.6 all updated
From DHCP Server
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:19:B9:21:23:D7
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.17
GATEWAY=192.168.1.1
TYPE=Ethernet
USERCTL=YES
IPV6INIT=NO
PEERDNS=YES
Static IP
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:c0:a8:7c:9a:0c
NETMASK=255.255.255.0
IPADDR=192.168.2.1
GATEWAY=192.168.1.1
TYPE=Ethernet
USERCTL=yes
IPV6INIT=no
PEERDNS=yes
DNS 65.106.1.196
/sbin/route # before I connect to the VPN
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
/etc/resolv.conf
nameserver 65.106.1.196
nameserver 65.106.7.196
/etc/sysctl.conf
net.ipv4.ip_forward = 1
/etc/sysconfig/selinux
SELINUX=disabled
##################################################
DHCP Server
range dynamic-bootp 192.168.2.10 192.168.2.25;
option routers 192.168.2.1;
/etc/sysconfig/dhcpd
DHCPDARGS=eth1
##################################################
Squid Proxy server Squid Cache: Version 2.6.STABLE21 # Squid works fine.
/etc/squid/squid.conf
acl lan src 192.168.1.0/24 192.168.2.0/24
http_access allow lan
http_port 192.168.2.1:3128 transparent
##################################################
/etc/sysconfig/iptables
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
##################################################
OPENVPN
/etc/openvpn/
ca.crt client.conf kontrolfreak.crt kontrolfreak.key
/etc/openvpn/client.conf
remote xxx.xxx.xxx.xxx 1194 # ip from the VPS
dev tun
ca ca.crt
cert xxxxx.crt
key xxxxx.key
##################################################
##################################################
##################################################
VPS Linode
xxx.xxx.xxx.xxx IP
centos 5.6 64-bit
OPENVPN
Tunnel All Connections through the VPN
/etc/openvpn/server.conf
push "redirect-gateway def1"
/etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -j REJECT
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
/etc/dnsmasq.conf
listen-address=127.0.0.1,10.8.0.1
bind-interfaces
################################
/etc/rc.local
/etc/init.d/dnsmasq restart
touch /var/lock/subsys/local
/etc/openvpn/server.conf
push "dhcp-option DNS 10.8.0.1"
/etc/init.d/openvpn restart
/etc/init.d/dnsmasq restart
chkconfig dnsmasq on
####################################################
The VPN connects but can't pass http traffic through it.
After I connect to the OpenVPN server and run /sbin/route on the client:
output from client
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.5 * 255.255.255.255 UH 0 0 0 tun0
xxx.xxx.xxx.xxx 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
eth0 Link encap:Ethernet HWaddr 00:19:B9:21:23:D7
inet addr:192.168.1.17 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1712802 errors:0 dropped:0 overruns:0 frame:0
TX packets:1028175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2015592814 (1.8 GiB) TX bytes:130841225 (124.7 MiB)
Interrupt:169 Memory:dfbf0000-dfc00000
eth1 Link encap:Ethernet HWaddr 00:C0:A8:7C:9A:0C
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:709507 errors:0 dropped:0 overruns:0 frame:0
TX packets:322975 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:383004034 (365.2 MiB) TX bytes:187867736 (179.1 MiB)
Interrupt:169 Base address:0x2f00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:23261 errors:0 dropped:0 overruns:0 frame:0
TX packets:23261 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14212441 (13.5 MiB) TX bytes:14212441 (13.5 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:891 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3577 (3.4 KiB) TX bytes:63775 (62.2 KiB)
#############################################################################
I know it has to do with the routes or iptables or both.
I have tried the following:
iptables -t nat -A POSTROUTING -s 192.168.2.1 -o tun0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tun+ -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ \! -d 178.79.178.75 -j DROP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
# Completed on Thu Dec 8 14:51:23 2011
# Generated by iptables-save v1.3.5 on Thu Dec 8 14:51:23 2011
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
tun0
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -j SNAT --to-source 83.***.***.214
iptables -t nat -A PREROUTING -i tun0 -j DNAT --to-destination 192.168.2.1
#######################################################
Could it be that in the squid.conf
http_port xxx.xxx.xxx.xxx:3128
needs to be set to the tun0 IP address?
http_port 10.8.0.1:3128
Can someone please give me some insight on what I could be doing wrong?
Thanks ahead of time.
shawn
Maybe something like this.
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.17:3128
/sbin/iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
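An added example, not code from the original post or from the Linode guide it follows: the client-side /etc/sysconfig/iptables shown above only forwards eth1 -> eth0 and masquerades out eth0, and none of the posted rules redirect LAN port-80 traffic to the transparent Squid port or forward routed LAN traffic into tun0. The script below emits one complete iptables-restore ruleset for that topology and adds a check that both redirect-gateway def1 half-default routes are present. Interface names (eth1 LAN, eth0 uplink, tun0 VPN), the 192.168.2.0/24 subnet and port 3128 are taken from the thread and are assumptions for any other box; the sample route tables are constructed, the first reproducing the tun0-connected table shown in the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions (from the thread):
# eth1 = LAN side (192.168.2.0/24), eth0 = ISP uplink, tun0 = OpenVPN, Squid on 3128.
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
VPN_IF=${VPN_IF:-tun0}
LAN_NET=${LAN_NET:-192.168.2.0/24}
SQUID_PORT=${SQUID_PORT:-3128}

# Emit a full ruleset in iptables-restore format. Loading it with
# "gateway_rules | iptables-restore" replaces both tables at once instead of
# appending one more rule on top of whatever is already loaded.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web traffic is handed to the local Squid ("http_port ... transparent")
-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# everything else the LAN sends is NATed into the tunnel, not out of $WAN_IF
-A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# LAN hosts may reach Squid (explicit or redirected), dhcpd, and ssh for management (assumed)
-A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# routed LAN traffic goes into the tunnel and replies come back out of it
-A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
# deliberately no LAN -> uplink rule: with FORWARD policy DROP, a tunnel
# outage cuts the LAN off rather than letting it leak around the VPN
COMMIT
EOF
}

# Verify redirect-gateway def1 took effect: "route -n" (or /sbin/route) output
# on stdin must show both 0.0.0.0/1 and 128.0.0.0/1 via the tunnel device.
# Prints "ok" and returns 0, or names each missing half and returns 1.
# usage: route -n | def1_routes_present
def1_routes_present() {
    table=$(cat)
    lo=$(printf '%s\n' "$table" | awk -v i="$VPN_IF" \
        '($1=="0.0.0.0"||$1=="default") && $3=="128.0.0.0" && $NF==i {print "y"; exit}')
    hi=$(printf '%s\n' "$table" | awk -v i="$VPN_IF" \
        '$1=="128.0.0.0" && $3=="128.0.0.0" && $NF==i {print "y"; exit}')
    if [ "$lo" = y ] && [ "$hi" = y ]; then echo ok; return 0; fi
    [ "$lo" = y ] || echo "missing 0.0.0.0/1 via $VPN_IF"
    [ "$hi" = y ] || echo "missing 128.0.0.0/1 via $VPN_IF"
    return 1
}

# Constructed sample tables: the first reproduces the tun0-connected table from
# the post (in "route -n" form), the second is the same host before connecting.
SAMPLE_VPN_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.8.0.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0'
SAMPLE_PLAIN_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0'

# Stand-alone demo: print the ruleset and check the sample table from the post.
gateway_rules
printf '%s\n' "$SAMPLE_VPN_ROUTES" | def1_routes_present
```

Squid's own upstream connections are locally generated, so once def1 is in place they leave via tun0 with source 10.8.0.6 and are already covered by the server's `-s 10.8.0.0/24 -o eth0 -j MASQUERADE`; they need no NAT on the gateway. On CentOS 5, run `service iptables save` after loading the ruleset so it is written to /etc/sysconfig/iptables and survives a restart. The missing LAN -> eth0 forward is intentional: while the tunnel is down the LAN has no internet at all, DNS included, which is the trade-off for never sending client traffic outside the VPN.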
iptables config not working between squid server and openvpn server
Do not double post.
You might have better luck in an OpenVPN forum.
CentOS does not ship OpenVPN.
- AlanBartlett
- Forum Moderator
Re: iptables config not working between squid server and openvpn server
This thread is locked. Please post any assistance to the original thread: https://www.centos.org/modules/newbb/viewtopic.php?topic_id=34742&forum=40&post_id=149510#forumpost149510