LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-21-2006, 08:22 AM   #1
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
Proxy Server / Network Layout Question


Good Morning (or Afternoon/Evening) All

I have a n00bish networking question about proxy servers. In the past I've always made my proxy server the network gateway, so the setup would go something like:
Modem/Router > Firewall > Proxy Server > Switch > LAN

The proxy server would have two nics with IP forwarding enabled and all that jazz. I'd set an ip tables rule to make the proxy server "transparent" to the lan by automatically forwarding outgoing port 80 traffic to port 8080 or 3128 (or whatever port that was being used by Squid).

This setup works well in a basic SOHO network environment, but I have a feeling that the more advanced the environment, the more difficult this would become to manage. Basically when troubleshooting connectivity to an online application, vpn, or some other remote service, it's never fun having 2 gateways. I'd like to have just 1 point of restriction in the form of a robust firewall. ie:
Modem/Router > Firewall > Switch > LAN

So now the question is, how do I transparently force users to go through the proxy? I know that I could manually setup the connection settings for IE and Firefox to point to the proxy, but what's stopping the users from removing those settings. The traveling laptop users have local admin rights to their machine, so they have the ability to change those settings.

So what is like the standard method used by network admins to force their lan users to transparently go through a proxy server?

Thanks!
 
Old 12-21-2006, 08:34 AM   #2
librano
Member
 
Registered: Jul 2004
Location: Here, there and everywhere.
Distribution: Arch+KDE, Linux Mint Fluxbox CE
Posts: 163

Rep: Reputation: 31
i am not sure but i'm just going to toss my 2cents...

i suppose you will have to setup your firewall so that it accepts web requests (ie requests to port 80 and 433>for https) only from the proxy server's IP. requests from other IPs on the LAN are dropped. So anyone on the LAN will have to access the net through the proxy server.

This is just my logical line of thought. I dont know if it is correct or how eactly to do it... but it will mean fiddling with iptables or shorewall config file. I'm sure there is enough documentation on the net for this.

lib.
 
Old 12-21-2006, 08:43 AM   #3
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Original Poster
Rep: Reputation: 30
Yeah that was what I was thinking as well. I'd just like to know what other network admins for large companies would do. I seem to have made a habit of simply doing "what works". There are always several ways to get from point A to point B, but as an administrator it's important to follow the correct path.

Man that all sounded really nerdy
 
Old 12-21-2006, 08:55 PM   #4
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Quote:
Originally Posted by librano
i suppose you will have to setup your firewall so that it accepts web requests (ie requests to port 80 and 433>for https) only from the proxy server's IP. requests from other IPs on the LAN are dropped. So anyone on the LAN will have to access the net through the proxy server.
Or instead of dropping those LAN packets, you can redirect all of these packets back to your proxy again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
question on proxy server use nomb Linux - Networking 4 02-14-2006 10:52 PM
how to set up a proxy server? (noobie question) crumb Linux - Software 1 03-06-2005 11:19 PM
To make Linux as Proxy Server in a network saint_devil Linux - Networking 2 01-07-2005 06:30 AM
network access control with transparent proxy server namin Linux - Networking 1 08-16-2004 02:11 PM
network access control with transparent proxy server namin Linux - Newbie 1 08-15-2004 05:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration