LinuxQuestions.org
Old 03-07-2004, 09:23 AM   #1
flesh
LQ Newbie
 
Registered: Jun 2003
Location: MTL
Posts: 9

Rep: Reputation: 0
Slackware box with 2 nics with squid & guarddog


Hi,
I've read this forum and haven't found a similar setup... On my Slackware box I am running squid (proxy) & guarddog (firewall) with 2 nics: local & global on the same machine. The situation is guarddog seems to block LAN icmp, causing LAN workstations to not ping the proxy server and therefore not be able to connect. But when guarddog is down things are fine. All workstations are able to connect to the proxy.

Originally what I wanted was to block icmp global and allow icmp local, which guarddog provided. Except it also blocked local LAN traffic. Does anyone know a way around this allowing me to adjust the iptables to allow local LAN icmp (eth0) and still block global icmp (eth1)? Your help would be much appreciated...

Thanks.

 
Old 03-07-2004, 09:38 AM   #2
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 31
What port do you connect to your proxy with? 8080 80 8000...

Are you trying to set up a transparent proxy, forwarding port 80 to your proxy port?
 
Old 03-07-2004, 11:28 AM   #3
flesh
LQ Newbie
 
Registered: Jun 2003
Location: MTL
Posts: 9

Original Poster
Rep: Reputation: 0
proxy & firewall on same machine

"What port do you connect to your proxy with? 8080 80 8000...

Are you trying to set up a transparent proxy, forwarding port 80 to your proxy port?"



Thanks for the reply.

Squid proxy uses 3128 by default and all workstations locally use that port for proxy settings. The thing is the LAN workstations cannot ping the IP address of the proxy server with guarddog firewall enabled. Once I disable the firewall then the proxy server IP address is pingable and proxy access is available. The proxy & firewall are on the same machine, just that the firewall disables icmp locally and that's where the trouble begins. I would like it to be pingable or even better yet unreachable but still making access to the proxy machine available.

Because of the firewall (Guarddog) it blocks icmp... which is fine globally but I need it to be unblocked locally.

Thanks.

P.S. I have 2 NICs:

nic1-Internet
nic2-LAN (this nic is the one I want icmp to be pingable or unreachable)
 
Old 03-08-2004, 12:31 AM   #4
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 31
You will want to check the configuration for guarddog, make sure the port your proxy is on is open.

It's good that it isn't pingable. Try nmap instead of pinging. As far as I know (which btw is very little) squid does nothing with echo requests, so it shouldn't matter one way or another if it pings. It should work if the port is open.
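
Added example, not part of the thread and not Guarddog's own generated rules: a stand-alone iptables-restore ruleset for the setup discussed above, which opens the Squid port and ICMP echo on the LAN interface only and drops echo requests on the Internet interface. It assumes eth0 = LAN and eth1 = Internet (as in the first post), Squid on 3128 (as in post #3), and a default-drop INPUT policy; the function name `gen_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Squid box.
# Assumed values: LAN interface, Internet interface and proxy port are
# passed as arguments; nothing here is read from Guarddog's configuration.

gen_rules() {
    # Require three arguments and two distinct interfaces, otherwise the
    # LAN "accept" rules would also apply to the Internet side.
    if [ $# -ne 3 ] || [ "$1" = "$2" ]; then
        echo "usage: gen_rules LAN_IF WAN_IF PROXY_PORT" >&2
        return 1
    fi
    lan_if=$1; wan_if=$2; proxy_port=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened (Squid's fetches).
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN side: clients may open the proxy port and ping the box.
-A INPUT -i $lan_if -p tcp --dport $proxy_port -m state --state NEW -j ACCEPT
-A INPUT -i $lan_if -p icmp --icmp-type echo-request -j ACCEPT
# Internet side: echo requests dropped explicitly; all other unsolicited
# traffic falls through to the INPUT DROP policy.
-A INPUT -i $wan_if -p icmp --icmp-type echo-request -j DROP
COMMIT
EOF
}

# Typical use (as root): gen_rules eth0 eth1 3128 | iptables-restore --test
```

The proxy-port rule is the one that restores client access; the LAN echo rule only makes the box answer ping, which Squid itself does not need.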

 
  

