LinuxQuestions.org
Old 04-15-2006, 11:37 PM   #1
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
Squid


I have squid running on eth1, the internal net, and I wouldn't expose it to the net, but I still want it to filter incoming connections coming from eth0.

The iptables ...

$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

That -i eth0 is pointless there, where there is no server listening.

Instead, if it was -i eth1 I would do web page caching to speed up browsing for my LAN PCs more than filter connections of my LAN PCs going to my web server, for better security is pointless too ... was all this clear!
So I would use it to filter incoming connections from eth0 transparently but still keep it listening on the internal NIC eth1, and here comes another question: it is not going to be port 80 for the connections coming from $MYLAN servers. I don't want squid to do any filtering from $MYLAN computers, where I have browsers also configured on port 8118, the privoxy port. squid is configured as "cache_peer localhost parent 8118 7 no-query default" for privoxy, and there is also tor .... so an iptable would be:

$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 8118 -j REDIRECT --to-port 3128

To give my LAN's computers web caching and the privoxy-tor socks5 network

$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

But here I should have squid listen on both interfaces, eth0 and eth1, a compromise ...

I hope all this is clear. I have also given my best with my English and hope it's the right forum.... ...
 
Old 04-15-2006, 11:39 PM   #2
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by paul_mat
I have squid running on eth1, the internal net, and I wouldn't expose it to the net, but I still want it to filter incoming connections coming from eth0.

The iptables ...

$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

That -i eth0 is pointless there, where there is no server listening.

Instead, if it was -i eth1 I would do web page caching to speed up browsing for my LAN PCs more than filter connections of my LAN PCs going to my web server, for better security is pointless too ... was all this clear!
So I would use it to filter incoming connections from eth0 transparently but still keep it listening on the internal NIC eth1, and here comes another question: it is not going to be port 80 for the connections coming from $MYLAN servers. I don't want squid to do any filtering from $MYLAN computers, where I have browsers also configured on port 8118, the privoxy port. squid is configured as "cache_peer localhost parent 8118 7 no-query default" for privoxy, and there is also tor .... so an iptable would be:

$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 8118 -j REDIRECT --to-port 3128

To give my LAN's computers web caching and the privoxy-tor socks5 network

$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

But here I should have squid listen on both interfaces, eth0 and eth1, a compromise ...

I hope all this is clear. I have also given my best with my English and hope it's the right forum.... ...

That's a post I had posted on my website

http://www.yourhowto.org/component/o...id,55/catid,5/

I'm lost as to how to answer him. If anyone could help, that would be great.
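
The rules in this thread use REDIRECT, which rewrites the destination to the primary address of the interface the packet arrived on, so a redirect on eth0 only reaches Squid if something listens on the eth0 address. The Python check below is an added example, not code from either poster; the interface addresses and the Squid listen socket are constructed sample values.

```python
import shlex

# Constructed sample values (assumptions, not taken from the thread).
IFACE_ADDR = {"eth0": "203.0.113.10", "eth1": "192.168.1.1"}
SQUID_LISTEN = [("192.168.1.1", 3128)]  # Squid bound to the internal NIC only

# The two distinct rules quoted in the thread, $IPT left unexpanded.
RULES = [
    "$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128",
    "$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 8118 -j REDIRECT --to-port 3128",
]


def parse_redirect(rule):
    """Return (in_iface, dport, to_port) for a PREROUTING REDIRECT rule, else None."""
    tok = shlex.split(rule)
    opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
    if opts.get("-A") != "PREROUTING" or opts.get("-j") != "REDIRECT":
        return None
    # Without --to-port(s), REDIRECT keeps the original destination port.
    to_port = opts.get("--to-ports") or opts.get("--to-port") or opts["--dport"]
    return opts["-i"], int(opts["--dport"]), int(to_port)


def landing_socket(rule, iface_addr):
    """Address and port a redirected packet is delivered to."""
    iface, _dport, to_port = parse_redirect(rule)
    # REDIRECT rewrites the destination to the primary address of the
    # incoming interface, so the arrival NIC decides where the packet lands.
    return iface_addr[iface], to_port


def is_served(sock, listeners):
    """True if a listener is bound to that address (or the wildcard) and port."""
    addr, port = sock
    return any(p == port and a in (addr, "0.0.0.0") for a, p in listeners)


def audit(rules, iface_addr, listeners):
    """Map each rule's landing socket to whether anything listens there."""
    socks = [landing_socket(r, iface_addr) for r in rules]
    return {s: is_served(s, listeners) for s in socks}


if __name__ == "__main__":
    for sock, ok in audit(RULES, IFACE_ADDR, SQUID_LISTEN).items():
        print(sock, "listener present" if ok else "NO LISTENER: redirect fails")
```

Binding Squid to the wildcard address makes both rules land on a listener, but port 3128 then also accepts direct connections on the eth0 address unless the filter table blocks them.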
 
  

