Slackware: This Forum is for the discussion of Slackware Linux.
I have a local gateway/firewall/proxy server/web server running Slackware64. I just installed and configured Squid on it, and it runs quite nicely. I've configured iptables so all HTTP requests get redirected to port 3128 (Squid defaults), so I don't have to configure the proxy individually in every user's browser (and more importantly, they can't disable Squidguard filtering anymore).
Here's what the according line in my rc.firewall looks like:
Code:
# Redirect HTTP requests to the Squid proxy
$IPT -t nat -A PREROUTING -i $IFACE_LAN -p tcp --dport 80 -j REDIRECT --to-port 3128
Now the problem is, I also have a local webserver running on that same machine. This server is not supposed to be accessible from the Internet, it merely serves as a local package repo for various Linux distros, for use with various netinstall CDs.
Question: how can I still go on using this server without requests being redirected to Squid? E.g. usually all port 80 requests get redirected to port 3128, except for this single machine. I sense the answer is a simple one-liner, but I'm stuck here. Too much coffee, not enough sleep.
What do you mean "except for this single machine"? Is this single machine not the proxy?
Generically you can just put a different aliased IP on the same interface to keep things very separate, or you can exclude the destination IP of the machine itself in that line, e.g. add "-d ! 192.168.12.34" or whatever to that line.
Generally I don't like transparent proxies anyway, I'd not do that in the first place. There are good ways to stop people bypassing proxies by automatically configuring their browsers.
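The exclusion suggested in the reply above, written out as an added example (not code from the thread or from either poster). It assumes eth1 as the LAN interface and reuses the reply's placeholder 192.168.12.34 as the gateway's own LAN address; by default the commands are only printed, not applied.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each iptables
# command is printed. Set IPT=/usr/sbin/iptables (as root) to apply.
IPT=${IPT:-echo iptables}
IFACE_LAN=${IFACE_LAN:-eth1}            # assumed LAN interface name
LOCAL_WEB=${LOCAL_WEB:-192.168.12.34}   # placeholder: gateway's own LAN address
SQUID_PORT=3128                         # Squid default, as in the original rule

# Variant 1: a single rule with a negated destination match.
# Current iptables expects the "!" before the option ("! -d addr");
# the "-d ! addr" spelling is the older, deprecated form.
redirect_single_rule() {
    $IPT -t nat -A PREROUTING -i "$IFACE_LAN" -p tcp ! -d "$LOCAL_WEB" \
        --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

# Variant 2: explicit exemptions first, then the catch-all redirect.
# Rules are evaluated in order, so every exemption must be appended
# before the REDIRECT. ACCEPT in the nat table only ends NAT processing
# for the packet; the filter table still decides whether it is allowed.
# Keep the list short: each exempted destination bypasses the proxy filter.
redirect_with_exemptions() {
    for dst in "$@"; do
        $IPT -t nat -A PREROUTING -i "$IFACE_LAN" -p tcp -d "$dst" \
            --dport 80 -j ACCEPT
    done
    $IPT -t nat -A PREROUTING -i "$IFACE_LAN" -p tcp \
        --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

# Show what variant 2 would load for the local package repository.
redirect_with_exemptions "$LOCAL_WEB"
```

Use one variant or the other, not both, and check the resulting order with `iptables -t nat -L PREROUTING -n --line-numbers`.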
Well, I do need a transparent proxy here. It's for a network in a school - currently running a 100% CentOS-based network - and after a few months, most of the students had figured out how to bypass proxy configuration in Firefox, which allowed them to happily surf porn sites and the like.
By "except for this single machine", I mean requests for the Apache server on this machine:
You're fixing the wrong problem. You need a firewall, they're probably still poking all sorts of holes you don't know about. They could easily run tor on your systems, right? Maybe they already are.
Quote:
Originally Posted by kikinovak
By "except for this single machine", I mean requests for the Apache server on this machine: