
Proxy Server

Discussion in 'Networking Issues' started by butters, May 2, 2005.

  1. butters

    butters Network Guru Member

    I posted a similar question in the general area and received no response so I am trying here and will be more specific.

    We are a public institution that allows filtered internet access on our workstations. We route all traffic to a proxy server at 198.xxx.xxx.xxx through port 8080 using the setting in Internet Explorer to accomplish this. We would like to start a wireless network to allow laptop users to get online as they enter our building. The problem is we will need them to go through the proxy server as well. We won't have access to their machines so configuring IE is not an option in this case. Is there a way to set up the wireless router to automatically point these wireless users to the proxy server after they are assigned an IP? I didn't think this would be that difficult, but I am having no luck. We were using a Linksys WRT54GS router, but I am open to using any wireless AP/router that could accomplish this. If anyone knows of a way to do this please let me know. Thanks in advance.
     
  2. Guyfromhe

    Guyfromhe Network Guru Member

    best solution would be to run the proxy between your lan and your internet connection as a router and then it would force all clients through the proxy because it's easy enough to turn off the proxy in IE... you can't really force a setting in IE, you can have an auto-configure script but the client has to be configured to use auto-configuration for that to work and then it will only work in IE...
    you could put a transparent proxy between the wrt and your lan as well, it may be possible to use a forward on port 80 but I don't know if the wrt's iptables has that ability...
     
  3. butters

    butters Network Guru Member

    Difficult...

    This seems way harder to accomplish than I thought. I figured there would be at least some router out there that could take all requests out to the internet and force them through the proxy server on port 8080. Port forwarding seems to be the opposite (incoming). I am stumped on this...
    We are running a Linux box with Squid for our proxy server and must force all users through this box to the internet. The problem is telling a wireless router to force all requests through the proxy server. IE does this, why can't a router handle this? It seems relatively easy in theory...
     
  4. Guyfromhe

    Guyfromhe Network Guru Member

    it's not as easy as it sounds, IE makes a different request when sending to a proxy server... can't you use iptables on your gateway to route all http traffic to your linux proxy server?
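
The "different request" mentioned in the post above, shown as an added example that is not part of the thread: a browser configured for a proxy sends the full URL in the request line, while a browser whose traffic was silently redirected sends only the path plus a Host header. The function name and the sample requests are constructed for illustration.

```javascript
// Added example: work out the target URL of an HTTP/1.x request the way a
// proxy has to, for both request forms. Sample requests are constructed.
function parseRequestTarget(head) {
  const lines = head.split('\r\n');
  const m = /^([A-Z]+) (\S+) HTTP\/1\.[01]$/.exec(lines[0]);
  if (!m) throw new Error('malformed request line');
  const [, method, target] = m;

  // Collect headers (names are case-insensitive) up to the blank line.
  const headers = {};
  for (const line of lines.slice(1)) {
    if (line === '') break;
    const i = line.indexOf(':');
    if (i < 1) throw new Error('malformed header');
    headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }

  // absolute-form: sent by a browser that knows it is talking to a proxy.
  if (/^http:\/\//i.test(target)) {
    return { form: 'absolute', method, url: target };
  }
  // origin-form: sent by a browser that believes it reached the site itself,
  // which is what arrives when a router redirects port 80 behind its back.
  if (target.startsWith('/')) {
    const host = headers['host'];
    if (!host) throw new Error('origin-form request without Host header');
    return { form: 'origin', method, url: 'http://' + host + target };
  }
  throw new Error('unsupported request target');
}

// Constructed samples: same page, requested with and without proxy settings.
const viaConfiguredProxy =
  'GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n';
const redirectedByRouter =
  'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n';
```

Once a router has rewritten the destination address with DNAT, the Host header is the only record of where the client was going, so the proxy must be set up for transparent operation and should treat that header as client-controlled input.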
     
  5. Guyfromhe

    Guyfromhe Network Guru Member

  6. Guyfromhe

    Guyfromhe Network Guru Member

    just tried it myself, that works on the linksys for a port on an interface to itself on another port. i'll try at home to another machine, but per the article it may cause issues if the proxy and the gateway aren't the same, you may be able to get away with it though... really depends...
     
  7. Guyfromhe

    Guyfromhe Network Guru Member

    ok I just did exactly what you wanted, I forwarded all web traffic to my local webserver (which you could forward to your squid server)
    here's what you do:

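    # Redirect port-80 traffic from wireless clients (except the squid box itself) to squid
    iptables -t nat -A PREROUTING -i $wireless_if -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:$squid_port
    # Rewrite the source address so squid's replies come back through this router
    iptables -t nat -A POSTROUTING -o $wan_if -s $local_network/24 -d $squid_box -j SNAT --to $ip_of_linksys_router
    # Allow the redirected traffic; after DNAT the destination port is $squid_port, not 80
    iptables -I FORWARD 1 -s $local_network/24 -d $squid_box -i $wireless_if -o $wan_if -p tcp --dport $squid_port -j ACCEPT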

    and there ya go, all traffic is sent to squid box and it will deal with it...
     
  8. butters

    butters Network Guru Member

    Boy I don't know... I am not well versed in this stuff and I am reluctant to "mess" with the Squid server since it is solely used to filter content for our computer lab and is a critical machine. I have no access to our main gateway router since it is administered by our ISP. Could there be another way to do this using another method? I will read up on this and see what I can or can't do. I do appreciate your posts. Thanks.
     
  9. Guyfromhe

    Guyfromhe Network Guru Member

    here's my best solution in that case:
    Set up the WRT with the pass port 80 rules and point it to a new machine, install squid on a non-production box and try to configure it for transparent proxying, then once you know you can set it up properly, re-configure the production box.

    Other than that if you don't want to touch squid, you could set it up to force forward port 80 to a web server that just spews out instructions on setting up the proxy in IE then when someone opens their browser it comes up with a page telling them exactly what to do, I think you can even build an IE auto configuration file they can just click on and it sets up their browser... you'll want to have instructions for netscape and firefox and so forth on there as well if you do it that way... the best way is with a properly configured squid though.
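
A proxy auto-configuration (PAC) file of the kind suggested in the post above, as an added example that is not part of the thread. `PROXY_HOST` and `HELP_HOST` are placeholders (the thread elides the proxy address and names no instructions host); port 8080 is the port given in the first post.

```javascript
// Added example PAC file. Browsers call FindProxyForURL(url, host) for every
// request and use the returned string to pick a route.
var PROXY_HOST = 'proxy.example.net';  // placeholder for the Squid box
var PROXY_PORT = 8080;                 // port named in the thread
var HELP_HOST = 'setup.example.net';   // hypothetical instructions page

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Single-label names (local machines) and the instructions page itself
  // are fetched directly so the setup page stays reachable.
  if (host.indexOf('.') === -1 || host === HELP_HOST) {
    return 'DIRECT';
  }

  // Everything else goes through the filter. This includes https:// URLs
  // (the browser tunnels them with CONNECT), which a port-80 redirect on
  // the router never sees.
  // There is deliberately no "; DIRECT" fallback: if the proxy is down,
  // browsing fails instead of silently bypassing the content filter.
  return 'PROXY ' + PROXY_HOST + ':' + PROXY_PORT;
}
```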
     
  10. butters

    butters Network Guru Member

    Thanks. When I get more time I may set up another machine to play around with. Your second solution would actually be very easy to accomplish although not the simplest for our users. That might be a good alternative for now just so I could get up and running. If you think of any other methods that might solve my problem, please let me know. I am open to just about anything as long as it is relatively easy and not terribly expensive.
     
  11. Guyfromhe

    Guyfromhe Network Guru Member

    i don't think there would be a whole lot of other options for what you want to do... that page i gave you a couple posts up tells you exactly how to configure squid to do what you want... both methods require adding port redirection to the wrt, and if I read that page correctly it just takes a couple additional lines in the squid config for it to work the way you want...
     
