Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have Squid running OK and getting connections from external IP addresses all right but I have run now into the following problem. The company that I work for part-time has only the 80th port open. I tried to set my Squid http_port to 80 but then it conflicts with my Apache that has web-sites hosted on the 80th port as well. Could anybody advise, please if it's possible to create an iptables rule that will grab the incoming connection from my work's static IP address let's say 1.1.1.1 that hits the 80th port and redirect it to my Squids port 3128? Will that ever work? Will this re-route the traffic from only one IP address on port 80 to port 3128, leaving Apache alone and making Squid work?
Are there perhaps any other solutions to overcome only one open port (80) and making Squid work without creating any mess with Apache that functions on the same port (80) too?
I would appreciate any comments / suggestions / pointers at all! Many thanks!
I'd guess that if your company has asked you to set up a web server for them that they would also support you in providing the appropriate IP ports for the use of that web server. What have they said about allowing versus dis-allowing the ports you need?
Hope this will help somone out there to bypass it as well when all the other ports except for 80 are closed / blocked.
The rule above redirects the traffic that comes from the IP address of 1.1.1.1 (example) to the 80th port and sends it over to the port number 3128. Thus, you are able to set your Squid to listen to 3128 and set your proxy in a browser you are using to use the port number 80. Done! I have it working perfectly well now :-))) That's provided the source IP address in this case is static of course.
I understood what you wished to do and wanted to know whether or not the limitations were true technical or business decisions, and if the alternative existed to not have 3128 blocked.
Glad you found a solution. To aid future solution seekers for this type of problem, please mark the thread as solved.
These are most probably business 'overkill' decisions in my opinion as being that afraid to let people use company's computers is a bit ridiculous. They have absolutely everything "on passwords", "log ins", and so on and this is not a bank to have so much protection against your 'own' employees. If they are that much security concerned they could simply remove all the computers and give their staff pens and paper instead, that would be the safest. That's a matter of trust in my understanding. But honestly speaking I do not care what they do to their IT systems, all I wanted to do was to be able to connect to the internet for my personal purposes and that's it. I do not work for their IT department so they can have it the way they wish and see fit, that's none of my business.
Yep, this is solved :-))) as per my previous post's explanations. :-)))
I would think that this company's business decisions reflect that it is their network and they are responsible for the content which is on that network, and that their further expectations are that all use of their network is for company business only and not for someone's personal networking purposes. I don't feel it is too ridiculous of a concept to have passwords on all systems and resources, and to require logins to be able to access their systems. As you well know, given that it is their network, any personal, or personal business information of yours which you pass through their networks, they can access, they can use, and they can choose to store or divulge in any manner they see fit.
Like I said it's up to them but when http is allowed and https is blocked is really beyond my understanding. I did not dig much into why it's being done this way and whose smart idea was that, I am only having a temp contract with them and they can have it the way they please.
Having said that it was the overkill in my opinion I meant to say that when I worked for a bank it was less secure and they had less passwords and restrictions internally than this truck haulage company where there is basically nothing as sensitive as money/gold in banks that has to be that much over-protected.
Anyway, this is not a business forum and I do not really care if the way they run it is good or bad. I am much more interested in Linux, administering it and web-developing.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.