LinuxQuestions.org


flesh 03-07-2004 09:23 AM

Slackware box with 2 nics with squid & guarddog
 
Hi,
I've read this forum and haven't found a similar setup... On my Slackware box I am running squid (proxy) & guarddog (firewall) with 2 NICs, local & global, on the same machine. The situation is that guarddog seems to block LAN ICMP, so LAN workstations cannot ping the proxy server and therefore cannot connect. But when guarddog is down things are fine. All workstations are able to connect to the proxy.

Originally what I wanted was to block ICMP global and allow ICMP local, which guarddog provided. Except it also blocked local LAN traffic. Does anyone know a way around this, allowing me to adjust the iptables to allow local LAN ICMP (eth0) and still block global ICMP (eth1)? Your help would be much appreciated...

Thanks.


flashingcurser 03-07-2004 09:38 AM

What port do you connect to your proxy with? 8080 80 8000...

Are you trying to set up a transparent proxy, forwarding port 80 to your proxy port?

flesh 03-07-2004 11:28 AM

proxy & firewall on same machine
 
> What port do you connect to your proxy with? 8080 80 8000...
>
> Are you trying to set up a transparent proxy, forwarding port 80 to your proxy port?

Thanks for the reply.

Squid proxy uses 3128 by default and all workstations locally use that port for proxy settings. The thing is, the LAN workstations cannot ping the IP address of the proxy server with the guarddog firewall enabled. Once I disable the firewall, then the proxy server IP address is pingable and proxy access is available. The proxy & firewall are on the same machine, just that the firewall disables ICMP locally and that's where the trouble begins. I would like it to be pingable, or even better yet unreachable, but still making access to the proxy machine available.

Because of the firewall (Guarddog) it blocks ICMP... which is fine globally, but I need it to be unblocked locally.

Thanks.

P.S. I have 2 NICs:

nic1-Internet
nic2-LAN (this NIC is the one I want ICMP to be pingable or unreachable)

flashingcurser 03-08-2004 12:31 AM

You will want to check the configuration for guarddog; make sure the port your proxy is on is open.

It's good that it isn't pingable :). Try nmap instead of pinging. As far as I know (which btw is very little), squid does nothing with echo requests, so it shouldn't matter one way or another if it pings. It should work if the port is open.

:)
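
The per-interface policy asked about in this thread, written out as plain iptables rules. This is an added example, not part of the thread and not Guarddog's generated rule set. It assumes eth0 is the LAN side and eth1 the Internet side (as in the first post) and Squid on port 3128; the function name `proxy_input_rules` and the `APPLY` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): INPUT rules for a box that is both
# Squid proxy and firewall, with ping and the proxy port open on the LAN
# interface only. Rules are printed by default; APPLY=1 (as root) loads them.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# usage: proxy_input_rules [lan_if] [wan_if] [squid_port]
proxy_input_rules() {
    lan_if="${1:-eth0}"      # assumption: LAN interface
    wan_if="${2:-eth1}"      # assumption: Internet interface
    squid_port="${3:-3128}"  # Squid default port, as stated in the thread

    # Replies to connections the box itself opened (Squid fetching pages).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT

    # LAN side: answer ping and accept new connections to the proxy port.
    ipt -A INPUT -i "$lan_if" -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A INPUT -i "$lan_if" -p tcp --dport "$squid_port" -m state --state NEW -j ACCEPT

    # Internet side: no ping replies, and the proxy is not offered there.
    ipt -A INPUT -i "$wan_if" -p icmp --icmp-type echo-request -j DROP
    ipt -A INPUT -i "$wan_if" -p tcp --dport "$squid_port" -j DROP
}

proxy_input_rules "$@"
```

`-A` appends to the end of the chain, so any rule already loaded ahead of these that drops the same traffic still wins; the listing is written for an otherwise empty INPUT chain.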

