Do I need to bridge to use port mapping?

Started by J

J

Do I need to bridge to use port mapping?   27 January 2009, 20:21

Hi,

I am trying to set up Squid as a transparent proxy and have followed the instructions here: http://www.softperfect.com/support/articles/squid/

It is working fine locally on the server.

I have port 80 on the WAN Adapter (192.168.2.1 -129.168.2.254) being mapped to port 3128 locally.

When I enable that rule, the VPN dialing user cannot access the internet. When I disable the rule, it works fine.

Obviously BWM is intercepting traffic on port 80, but where does it go? Squid records nothing in the log.

Do I need to bridge the WAN adapter to the external NIC card? Any other ideas?

Since it's a remote server I don't want to lose internet connection, so I am afraid of bridging and getting locked out.


Thanks.
Andrew

Do i need to Bridge to use port mapping?   28 January 2009, 06:50

You do not need to use bridging for transparent proxying. It is possible that the redirecting rule that you have created actually redirects all traffic, not limited to HTTP traffic.

Please post your exact current ruleset here and briefly tell us how many network adapters there are in the server and where they are connected.
J

Do i need to Bridge to use port mapping?   28 January 2009, 07:47

I have one server with one physical NIC adapter. The server is acting as a VPN server + NAT using Windows RRAS.

When a user connects to the server through VPN, they get IP range 192.168.2.2-192.168.2.254. Then they are NATed back out through 192.168.2.1/localhost. It all works fine.

In BWM I set up this rule:

Direction: both
Rate: unlimited
Protocol: TCP
Source: 192.168.2.1-192.168.2.254
Port : any
Adapter: WAN Network Adapter

Destination: Any
Port: 80

Enabled process with port mapping and selected the mapping I made to port 3128.

*****

I can confirm that it DOES capture outgoing port 80 for connected users. When I enable the rule the user cannot surf; when I disable it the user can surf.

Squid is working fine locally.
*****

But nothing gets mapped to local port 3128 (Squid).
J

Do i need to Bridge to use port mapping?   28 January 2009, 08:03

Also, I tested using redirect to URL mapping and that didn't work.

I tested using the LAN adapter on the server, so it catches HTTP locally on the server, and that didn't work either.

Strange!
Andrew

Do i need to Bridge to use port mapping?   07 February 2009, 04:36

Could you please post the output of the ipconfig /all command run at a command prompt on the server?

Do i need to Bridge to use port mapping?   07 February 2009, 08:25

It might help to look at the Squid "cache" log. It seems there is no connection. You can find it in \squid\var\logs.

Arthur.
j

Do i need to Bridge to use port mapping?   08 February 2009, 14:58

Thanks. Andrew explained the problem. Forwarding cannot be used on the WAN adapter.

Do i need to Bridge to use port mapping?   10 February 2009, 20:00

I still haven't quite figured out how to redirect using URL.

This is what I tried from a LAN client with its IP 192.168.4.3.

BWM NICs (no bridging and no NAT, just IP forwarding):
192.168.1.1
192.168.4.2
192.168.5.2
192.168.6.2

I set up a filter as follows: Protocol TCP, any source IP - any source port, any dest IP - port 80, Interface 192.168.4.2, mapping "test" enabled.

I tried the following URL redirects under a mapping called test:


http:// 192.168.4.2 (to a web server on the same BWM machine, no go, HTTP timeout).
http:// 192.168.4.3 (back to a web server on the LAN client itself, no go, HTTP timeout).
http:// 192.168.1.2 (to a web server running on another subnet out another NIC, no go, HTTP timeout).

Without the space after http:// (I put that in there so it displays correctly in the forum).

Any ideas where I'm going wrong?

I'm using preview 2.9.5. I tried this a few preview versions ago and gave up, and just had another tackle tonight, but still no success.

I still use Win2K Professional SP4.

Gavin.

Do i need to Bridge to use port mapping?   10 February 2009, 20:07

I just answered my own question :)

I had to turn off the new ignore LAN traffic option to get the filter to work :)

I've got it working now! I have to re-direct to a web server on the existing network the clients are trying to connect from. So I managed to get it to redirect to 192.168.4.3 web server back on the client making the request.
