LinuxQuestions.org

proNick 03-05-2013 09:16 AM

Ubuntu behind proxy, and access only to several IP addresses
 
On my local network I have to set up Linux Ubuntu boxes so that their users will be able to access only a few (2-3) domains. Also, all of those Linux Ubuntu boxes are behind a proxy.

Tried to configure this using Firestarter, but I did not make it after several hours of attempts.

Most of the time I had two cases: either I was able to access all of the Internet, or I wasn't able to at all (in Firefox I was getting the message "The proxy server is refusing connections").

The IP address of the proxy server is 192.168.21.155.

What I tried with Firestarter is to define the Outbound traffic policy as Restrictive by default => whitelist traffic => Allow connections to host: 192.168.21.155, and several IP addresses I want to give access to. But no luck, all of the websites were blocked in this case.

Also, I tried to allow the services DNS (port 53) and Http-alt (port 8080) to several IP addresses I want to give access to.

But I did not make it.

Also, I removed UFW (Uncomplicated Firewall) with all of its definitions, and in iptables I have no rule defined.

Can you please help me configure the firewall in this case?

acid_kewpie 03-05-2013 09:30 AM

When you've applied a rulebase, actually SHOW us the config; you can't possibly describe it. Run "iptables -vnL".

If you're using an explicit proxy like you appear to be doing from the FX error, you should ONLY need to permit access to the port on the proxy server (for the web access that is; obviously there are other background default rules for other unrelated things). DNS would be done on the proxy itself, not the client, under just about all configurations.

proNick 03-05-2013 10:21 AM

Thanks, but if I give access to the proxy's port 8080, I will have access to the whole Internet, and I need access only to several IP addresses. That's where I have a problem.

acid_kewpie 03-05-2013 10:47 AM

Configure the proxy then. That's the point of the proxy. You can't fix that by iptables if they can reach a proxy that's not configured right.
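
The client-side rule set described in acid_kewpie's replies, as an added example that is not part of any post in the thread: outbound traffic is limited to the explicit proxy, and the comments mark why iptables cannot narrow it further. The proxy address and port 8080 are the values proNick gives; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset that
# lets this client open new connections only to the explicit proxy.
# Which sites the proxy then fetches is invisible to iptables: every web
# request leaves this box addressed to the proxy's IP and port.

valid_ipv4() {   # four dot-separated octets, each 0-255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {   # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

proxy_only_ruleset() {
    proxy_ip=$1; proxy_port=$2
    if ! valid_ipv4 "$proxy_ip" || ! valid_port "$proxy_port"; then
        echo "usage: proxy_only_ruleset IPV4 PORT" >&2
        return 2
    fi
    # INPUT and FORWARD stay at ACCEPT: the thread only concerns outbound.
    # Other services the box needs (DHCP, NTP, ...) need their own -A OUTPUT lines.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -d $proxy_ip --dport $proxy_port -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Values from the thread: proxy 192.168.21.155, port 8080.
proxy_only_ruleset 192.168.21.155 8080
```

To load it, pipe the output into `iptables-restore` as root, which replaces the current filter table; check the result with `iptables -vnL`.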

proNick 03-05-2013 10:52 AM

I don't have access to the proxy configuration (if that is what you mean). I can set up only the Linux Ubuntu boxes.

And just to mention, if the firewall (in this case Firestarter) is closed (disabled), I have full access to the Internet, so there is no problem in the proxy; the only problem is with the firewall configuration.

acid_kewpie 03-05-2013 02:22 PM

So what is the firewall ruleset you're looking at using?


All times are GMT -5.