Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
When any of the users on my network go into their web browser's settings and choose to connect directly to the internet, they can bypass my proxy settings and go to whatever website they want to! Why is that? And I would like to use squidGuard's format of using their blacklists to filter out websites for DansGuardian. Can somebody point me in the right direction?
That depends on your EXTIF. I would expect it to be the INTIF from the LAN.
If someone in the LAN sent anything to port 3128 it wouldn't matter, there's nothing listening on it anyway. Squid will be on only 127.0.0.1, not the local eth, so a rule really isn't necessary..
REDIRECT is a target to pass traffic direct to 127.0.0.1.
Last edited by peter_robb; 12-14-2005 at 09:05 AM.
I have made all of those changes and all works on my 192.168.3.0 network but I can't get my 192.168.4.0 network to work. Nothing on my 4 network will work!
Either you need to put a SNAT on the 3.0 side of the wireless router, or place a static route in the firewall to say which gateway address to use to find the 4.0 network..
I just put static routes on the Linux laptop (route add -net 192.168.3.0 netmask 255.255.255.128 dev eth0) and then I simply put 192.168.3.2:8080 in my browsers on my 192.168.4.0 CPUs. It worked.
Can you give me an example of a rule that I could put in my firewall to allow traffic from my 192.168.4.0 network to see my 192.168.3.0 network? And why did things change after what you suggested? I don't understand what happened as far as my routing!
You may have a connection but it may also timeout or not survive a reboot..
For routing, any box needs to know what is local and what is not.
When interfaces come up, they are added to the routing tables, making their nets 'local'.
The firewall needs to know where to find the 4.0 net.
So if it's not local it will use its default gateway, the internet.
A static route can be added to say the 4.0 network can be found by using the wireless router as a gateway, e.g.
ip route add 192.168.4.0/24 via 192.168.3.?
(Whatever the wireless router's 3.? ip address is.)
The wireless router may have a NAT built-in which translates 4.0 to 3.?, in which case anything started in the 4.0 net will be replied to.
However, no-one still knows where to find the 4.0 net without the static route.
The static route needs to be added when eth1 on the firewall is started, and that is SUSE-specific, I can't help there.
If the wireless router is in bridge mode (i.e. doesn't have IP numbers), it should be supplying 3.0 addresses rather than 4.0 addresses.
To see each other's networks, you will need to start a WINS server on the firewall and get each PC to register with it when they start.
WINS is a built in feature of Samba.
Last edited by peter_robb; 12-15-2005 at 08:03 AM.
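The routing explanation in the reply above, worked through as an added example that is not part of the thread: a longest-prefix-match lookup showing where the firewall sends traffic for the 4.0 net with and without the static route, and what the laptop's /25 route actually covers. The ISP gateway, the router address 192.168.3.254 (standing in for the elided 3.? address) and eth0 as the firewall's external interface are constructed assumptions.

```python
import ipaddress

def route(dest, via=None, dev=None):
    """One routing-table entry; dest is CIDR, net/netmask, or 'default'."""
    net = "0.0.0.0/0" if dest == "default" else dest
    return {"net": ipaddress.ip_network(net), "via": via, "dev": dev}

def lookup(table, dst):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def next_hop(table, dst):
    """Describe where a packet for dst is sent."""
    r = lookup(table, dst)
    if r is None:
        return "unreachable"
    return f"via {r['via']}" if r["via"] else f"direct on {r['dev']}"

# Constructed addresses (assumptions, not taken from the thread)
ISP_GW = "203.0.113.1"      # firewall's default gateway on the external side
WIFI_GW = "192.168.3.254"   # placeholder for the wireless router's 3.? address

firewall = [
    route("192.168.3.0/24", dev="eth1"),       # connected net, added when eth1 comes up
    route("default", via=ISP_GW, dev="eth0"),  # eth0 as EXTIF is assumed
]
# Equivalent of: ip route add 192.168.4.0/24 via <router's 3.x address>
firewall_fixed = firewall + [route("192.168.4.0/24", via=WIFI_GW, dev="eth1")]

# Laptop on the 4.0 net: its connected net plus the route quoted in the thread,
# with no default route assumed
laptop = [
    route("192.168.4.0/24", dev="eth0"),
    route("192.168.3.0/255.255.255.128", dev="eth0"),  # /25 covers .0-.127 only
]

if __name__ == "__main__":
    for name, table, dst in [
        ("firewall, no static route", firewall, "192.168.4.10"),
        ("firewall, static route", firewall_fixed, "192.168.4.10"),
        ("laptop to proxy 3.2", laptop, "192.168.3.2"),
        ("laptop to host 3.200", laptop, "192.168.3.200"),
    ]:
        print(f"{name}: {dst} -> {next_hop(table, dst)}")
```

Without the static route the firewall's replies to 192.168.4.x leave through the default gateway; the laptop's 255.255.255.128 route reaches the proxy at 192.168.3.2 but not hosts above 192.168.3.127.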