We have 2 proxy servers, 192.168.0.1 & 192.168.0.2. Both of them connect to different ISPs.
Each of our clients uses an IE proxy that connects to 192.168.0.2:3128, but all of them use 192.168.0.1 as their primary gateway setting. Don't ask why, it's a long story.
We want to filter the connection to, let's say, 222.222.222.222, so that everyone who types that address in IE will be forced to use the 192.168.0.1:3128 proxy.
I tried putting this in 192.168.0.2 firewall rules:
iptables -t nat -A PREROUTING -i ${L/WAN} -p tcp -d 222.222.222.222 -j DNAT --to 192.168.0.1:3128
or
iptables -t nat -A OUTPUT -p tcp -d 222.222.222.222 -j DNAT --to 192.168.0.1:3128
or
iptables -t nat -A POSTROUTING -i ${L/WAN} -p tcp -d 222.222.222.222 -j SNAT --to 192.168.0.1:3128
and none of them work... How do I filter a connection that already uses a proxy?
Wouldn't this be easier to solve by using one of the PAC files for IE proxy setup? It lets you list rules for which proxy certain addresses should be sent to.
Is this done in the client or the server?
Because I need it done in the proxy server itself in case the list changes. It'll be too much hassle to change the configuration on all our clients' computers.
You do not install it. You need to write a script that is basically more of a JS. And then configure your DNS for wpad. Take a look at the link in the above post for reference. The scripts in the link may just work for you the way they are.
? don't quite get it.
I just read the requirement for WPAD and I read this "The file named wpad.dat must be located in the WPAD web site's root directory."
I got the impression that this might not be what I was looking for.... because the destination 222.222.222.222 I'm referring to is not our web server, it's public.
I just need to filter connections coming from the LAN (192.168.0.1/24, eth0) to determine which ISP that particular client should use to connect to a certain public website (in my example 222.222.222.222).
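
The PAC approach suggested in the replies, written out as an added example that is not part of the original thread. The proxy addresses and the sample destination are the ones from the question; the constant names and the `isForced` helper are hypothetical. The file is served from an internal web server (the WPAD site), not from the destination, so the list is edited in one place.

```javascript
// Added example PAC file (wpad.dat / proxy.pac); not code from the thread.
// Proxy addresses and the sample destination are taken from the question.
var ISP1_PROXY = "PROXY 192.168.0.1:3128";    // proxy on the first ISP
var DEFAULT_PROXY = "PROXY 192.168.0.2:3128"; // proxy the clients use today

// Destinations that must leave through ISP1_PROXY. Edit this one list on the
// server hosting the file; clients pick it up on their next PAC fetch.
var FORCED_DESTINATIONS = ["222.222.222.222"];

// Hypothetical helper: plain loop so older IE script engines can run it.
function isForced(addr) {
  for (var i = 0; i < FORCED_DESTINATIONS.length; i++) {
    if (FORCED_DESTINATIONS[i] === addr) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Case 1: the user typed the IP address itself.
  if (isForced(host)) return ISP1_PROXY;

  // Case 2: a hostname that resolves to a listed address. dnsResolve() is a
  // PAC built-in; the typeof guard lets the file load outside a browser.
  if (typeof dnsResolve === "function") {
    var ip = dnsResolve(host);
    if (ip && isForced(ip)) return ISP1_PROXY;
  }

  // Everything else keeps using the existing proxy.
  return DEFAULT_PROXY;
}
```
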