LinuxQuestions.org

Linux - Networking: Iptables + squid + dansguardian problem (https://www.linuxquestions.org/questions/linux-networking-3/iptables-squid-dansguardian-problem-856244/)

struggled_newbie 01-14-2011 01:39 AM

Iptables + squid + dansguardian problem
 
Dear LINUX GURUS,

Is this possible: 2 Linux boxes that will act as an Internet firewall + filtering?

1st PC = CentOS 5.5
Functions as a firewall using iptables, with two NICs: ETH0 connected to the Internet with a public IP, and ETH1 with IP address 10.0.0.1 connected to the 2nd PC (CentOS 5.5 with squid/dansguardian, IP address 10.0.0.2).


2nd PC = CentOS 5.5
Functions as squid + dansguardian Internet filtering, with 2 NICs: ETH0 with IP address 10.0.0.2 connected to ETH1 of the 1st PC (IP address 10.0.0.1), and ETH1 connected to the LAN (172.16.1.0/24).

Does this make sense?

This might be confusing, but I just want to try this to protect against incoming SSH from our previous sysadmins who intended to enter the LAN 172.16.1.0/24 network, and also to confuse them, since they would have to pass through 10.0.0.1 and 10.0.0.2.

struggled_newbie 01-18-2011 09:00 PM

help

Quote:

Originally Posted by struggled_newbie (Post 4223829)

kaushalpatel1982 01-18-2011 10:45 PM

What I understand is: your previous sysadmin can access SSH from the Internet, and you want to prevent him from accessing your internal network.

If you don't want SSH access from the Internet, create an iptables rule that denies access on your first PC:

# iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP

You can also use the knockd service to access SSH from the Internet.
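The drop rule from this reply, carried into a complete ruleset for the first box (the iptables firewall) in the poster's two-box layout, as an added example that is not part of the thread and not code from either poster. It assumes eth0 is the public side, eth1 is 10.0.0.1 facing the squid box at 10.0.0.2, and the LAN 172.16.1.0/24 sits behind the squid box; the interface names, the /30 link network and the squid box address are assumptions taken from the posts and can be overridden from the environment. Note that the command as originally posted used -t INPUT: -t selects a table (filter, nat, mangle), so the chain has to be named with -A INPUT.

```shell
#!/bin/sh
# Added example for this thread (not the posters' code): a minimal ruleset for the
# FIRST box, the iptables firewall. Assumed layout, all overridable via environment:
#   eth0 = public/Internet side
#   eth1 = 10.0.0.1 on the point-to-point link to the squid box (10.0.0.2)
#   LAN 172.16.1.0/24 behind the squid box
# Set IPT=echo (or use "show") to preview the rules without loading them; no root needed.
WAN_IF=${WAN_IF:-eth0}
DMZ_IF=${DMZ_IF:-eth1}
LINK_NET=${LINK_NET:-10.0.0.0/30}
SQUID_IP=${SQUID_IP:-10.0.0.2}
LAN_NET=${LAN_NET:-172.16.1.0/24}
IPT=${IPT:-iptables}

fw_rules() {
    # Start from clean filter and nat tables, then default-deny inbound and forwarded traffic.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections this box or the inside opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Unsolicited SSH from the Internet is dropped explicitly. The default policy already
    # drops it; the explicit rule keeps a packet counter so attempts show up in
    # "iptables -L INPUT -v -n". (-A appends to the INPUT chain; -t selects a table.)
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j DROP

    # SSH to this box only from the inner link and from the LAN.
    $IPT -A INPUT -i "$DMZ_IF" -s "$LINK_NET" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$DMZ_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Forwarding: inside -> Internet for the squid box and the LAN only. No rule accepts
    # new connections arriving on the WAN side, so 10.0.0.x and 172.16.1.x are not
    # reachable from outside.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$LINK_NET" -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Private source addresses must be translated to the public IP on the way out.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# "apply" loads the rules for real, enables routing, and adds the return route to the LAN,
# which lives behind the squid box rather than directly on this machine. "show" previews.
case "${1:-}" in
    apply)
        sysctl -w net.ipv4.ip_forward=1
        ip route replace "$LAN_NET" via "$SQUID_IP" dev "$DMZ_IF"
        fw_rules
        ;;
    show)
        IPT=echo fw_rules
        ;;
esac
```

`sh fw.sh show` prints the rules it would load; `sh fw.sh apply` as root loads them (on CentOS 5, `service iptables save` then persists them across reboots). The squid box still needs its own default route via 10.0.0.1 and forwarding enabled for the LAN, which this script does not touch.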

struggled_newbie 01-19-2011 12:46 AM

Quote:

Originally Posted by kaushalpatel1982 (Post 4229601)

But is this example possible? I mean, is this applicable:



INTERNET (120.80.13.69) 2nd NIC (10.0.0.1) SQUID (10.0.0.2) LAN(172.16.1.1)
ETH0 -----------------> ETH1 ----------------> ETH0 -----------> ETH1

