LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-05-2006, 04:50 PM   #1
jaxd
LQ Newbie
 
Registered: Jul 2006
Distribution: sme v7
Posts: 14

Rep: Reputation: 0
squid & transparent proxy issue


I organise that my users have to login to access internet
it works only If I configure The desktop internet network parameters to goes to the ip address of my SME server (e-smith V7).
It means that with this config all users defined with (pam) inside the server-manager have to login to access internet.

However, if the user'desktop is not configured to go to this proxy(the sme server), this user do not need any authentification to access internet.

What do I need to do to prevent internet access without a login first.



when i type this command---> config show squid
I receive the following answer:
squid=service
EnforceSafePorts=no
RequireAuth=pam
SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
TCPPort=3128
TCPProxyPort=80:3128
TransparentPort=3128
access=private
status=disabled
[root@serv1 ~]#

Who is able to give me some advice
jaxd
 
Old 12-05-2006, 05:03 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
by the sound of it, stop doing transparent proxying and block default route port 80 traffic leaving your network. you've not said anythign about your network topology andhow you are using transparent proxying at all.
 
Old 12-06-2006, 05:17 AM   #3
jaxd
LQ Newbie
 
Registered: Jul 2006
Distribution: sme v7
Posts: 14

Original Poster
Rep: Reputation: 0
thanks Chris,
my network is very small
one sme e-smith server to go to internet (dsl)
another ethernet card to my local lan via several hubs

I organise a physical connection in each room of my house!
the clients are most of the time laptop with XP as os.

I'm certainly not a linux expert, but I tried to keep it simple and secure

do you know a method to disable the transparent proxy
and also how to block the port 80

thanks in advance
jaxd
 
Old 12-06-2006, 05:25 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
are you just asking for support for e-smith? can't help you with that i'm afraid... never heard of it.
 
Old 12-06-2006, 06:28 AM   #5
jaxd
LQ Newbie
 
Registered: Jul 2006
Distribution: sme v7
Posts: 14

Original Poster
Rep: Reputation: 0
thanks anyway
it is just a linux system!
I thought it was so generic!
regards
jaxd
 
Old 12-06-2006, 07:16 AM   #6
jaxd
LQ Newbie
 
Registered: Jul 2006
Distribution: sme v7
Posts: 14

Original Poster
Rep: Reputation: 0
I saw the following :

[root@server root]# db configuration setprop squid Transparent no
[root@server root]# signal-event remoteaccess-update

if it does not match my requirement may I reverse it like this


[root@server root]# db configuration setprop squid Transparent yes
[root@server root]# signal-event remoteaccess-update

thanks in advance for your expertise
jaxd
 
Old 12-06-2006, 07:58 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
these look like bespoke commands i'd have no knowledge of, sorry, can't really help you with any specifics. all i can suggest is to turn off transparent proxying if you're not familiar with what it is. and if your firewall is also being run by this e-smith thing, then prevent outbound connectivity via whatever firewalls you are currently permitting the access.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
squid (Transparent proxy) & Dansguardian metallica1973 Linux - Security 8 12-15-2005 08:52 PM
Squid as a transparent proxy kemplej Linux - Software 2 12-08-2004 06:00 PM
Squid Transparent Proxy 1jamie Linux - Security 7 09-26-2003 07:09 AM
Squid with Transparent Proxy MarleyGPN Linux - Networking 1 08-28-2003 03:51 PM
squid transparent proxy...... hitesh_linux Linux - Networking 1 06-13-2003 04:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration