LinuxQuestions.org
Old 08-18-2003, 03:14 AM   #1
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
transparent firewall / proxy


Hi all,

In security concerns, I am an absolute beginner. Never mind, I have a small network at home. On this net, each PC connects to a small server having iptables and squid in the standard configuration from SuSE 8.0 (it's quite an ancient machine... P1/133 MHz).

How do I have to do this? What changes do I have to make to squid? Which rules do I have to insert in iptables? I found many posts here, but was never sure whether they were complete or not....

Normally, I thought, I just leave the squid.conf as it is and just insert a port redirection from port 80 to 3128 with
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.254
(eth0 is my internal LAN card; 192.168.0.254 is any NAT address desired)
, and that's all.... But is this really all? Thanks for any help.
 
Old 08-18-2003, 04:01 AM   #2
mule
Member
 
Registered: Aug 2003
Posts: 81

Original Poster
Rep: Reputation: 15
Sorry, I think the command must be:
$IPTABLES -t nat -A PREROUTING -i $IN_ETH -p tcp --dport 80 -j REDIRECT --to-port 3128
($IN_ETH is the NIC of the internal LAN)
 
Old 08-18-2003, 04:29 AM   #3
jalal
Member
 
Registered: Aug 2003
Location: .bh
Distribution: Gentoo
Posts: 188

Rep: Reputation: 30
I am not sure if this will suit your requirements, but I currently do this with IPTABLES only.

I have an eth0 and a ppp0, with ip_forward enabled, and iptables set to MASQUERADE, i.e.

iptables -t nat -A POSTROUTING -s <my-other-pc-ip> -o ppp0 -j MASQUERADE

And this will NAT all traffic. If you want to give people only HTTP access, you can add a rule to iptables.
 
Old 08-18-2003, 04:50 AM   #4
mule
Member
 
Registered: Aug 2003
Posts: 81

Original Poster
Rep: Reputation: 15
This is natting the connection... No, my goal is leaving squid listening on port 3128 as is, but having my browsers just with standard settings and no entry for a proxy server.
 
Old 08-18-2003, 06:12 AM   #5
mule
Member
 
Registered: Aug 2003
Posts: 81

Original Poster
Rep: Reputation: 15
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
...That's what I have done now, and nothing else! Does anybody know whether this is working? All this does is redirect requests on eth0 from port 80 to 3128....
 
Old 08-19-2003, 02:38 AM   #6
mule
Member
 
Registered: Aug 2003
Posts: 81

Original Poster
Rep: Reputation: 15
After long research, I found the following article, which is quite good for configuring squid and iptables to act as a proxy server:

http://www.tldp.org/HOWTO/TransparentProxy.html

Hope this helps others too!

Cheers,
Roger
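
Added example (not part of the thread or of the linked HOWTO): the REDIRECT rule from post #5 is only the packet-filter half of a transparent proxy, because Squid must also be told that the port receives intercepted traffic. This shell sketch checks both halves offline; the function names, the sample rule listings and the sample squid.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of a transparent-proxy setup. All inputs below
# are constructed samples, not output captured from the poster's machine.

# What `iptables -t nat -S PREROUTING` prints for the rules in posts #1 and #5.
SAMPLE_DNAT='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.254'
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

# squid.conf fragments: a default listener and an interception listener.
SAMPLE_SQUID_PLAIN='http_port 3128'
SAMPLE_SQUID_INTERCEPT='http_port 3128 intercept'

S='[[:space:]]'    # ERE: one whitespace character
N='[^[:space:]]'   # ERE: one non-whitespace character

# has_redirect RULES IFACE PORT
# True if tcp/80 arriving on IFACE is redirected to local PORT.
has_redirect() {
    printf '%s\n' "$1" | grep -Eq -- \
        "^-A PREROUTING .*-i $2 .*-p tcp .*--dport 80 .*-j REDIRECT --to-ports $3( |\$)"
}

# squid_intercepts CONF PORT
# True if CONF (comments stripped) flags PORT as "intercept" (Squid 3.1+) or
# "transparent" (2.6 to 3.0), or carries the Squid 2.5-era
# "httpd_accel_uses_host_header on" directive.
squid_intercepts() {
    conf=$(printf '%s\n' "$1" | sed 's/#.*//')
    printf '%s\n' "$conf" | grep -Eq \
        "^$S*http_port$S+($N*:)?$2($S+$N+)*$S+(intercept|transparent)($S|\$)" && return 0
    printf '%s\n' "$conf" | grep -Eq "^$S*httpd_accel_uses_host_header$S+on($S|\$)"
}

# audit RULES CONF IFACE PORT: report what is missing; status 0 only if the
# NAT rule and the proxy's interception mode are both in place.
audit() {
    rc=0
    has_redirect "$1" "$3" "$4" ||
        { echo "MISSING: no REDIRECT of tcp/80 on $3 to port $4"; rc=1; }
    squid_intercepts "$2" "$4" ||
        { echo "MISSING: squid.conf has no interception mode for port $4"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: redirect rule and interception mode present"; fi
    return "$rc"
}

# Demo on the constructed samples: the rule from post #5 with a default squid.conf.
audit "$SAMPLE_RULES" "$SAMPLE_SQUID_PLAIN" eth0 3128 || true
```

On a live gateway, pass the output of `iptables -t nat -S PREROUTING` and the contents of squid.conf in place of the samples.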
 
  

