Hi all,
imagine a server (SuSE 7.3) at a school with diskless clients (etherboot/ltsp) working on it. Internet via ippp0, ibod, iptables, SuSEFirewall2 2.0, junkbuster (Port 1234) [to keep the kids away from 'junk'] chained to squid (Port 5678).
Clients connected via eth0.
The idea is not to allow direct HTTP access for eth0 and local accounts; all this traffic has to run through the proxy chain.
Redirect rule in firewall2.rc.config: FW_REDIRECT="0/0,0/0,tcp,80,1234"
The traffic does not get redirected, and there are no log entries about a redirect.
The same thing worked on 7.0 with ipchains and firewall 1.7.
Any ideas?
Thanks in advance
--
Thomas Götz
Hi Thomas,
are you sure that the firewall is running? Check that out first: try to do something that's not allowed, or use iptables -vL.
Greetings,
Ralf
Hi Ralf,
of course I've checked this!
Regards
Thomas
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--
-----------------------------------------------------------------
Thomas Götz * Röntgenstrasse 37 * 95032 Hof * +49 9281 92323
http://www.bnhof.de/~ho4562 mailto:Thomas.Goetz@bnhof.de
-----------------------------------------------------------------
We, who are of good will, led by the clueless, try to achieve the impossible for the ungrateful with the incompetent. (Kung Fu Tse, AKA Konfuzius)
-----------------------------------------------------------------
Hi Thomas,
I used this one in my old configuration file under 7.3: FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128" and it worked.
Try iptables -vL to find out what SuSEFirewall comes up with after processing your config file.
Besides, I would not use "0/0,0/0" for a proxy, because you probably only want the people from the inside to use your proxy...
Best Regards,
Ralf
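An added example, not part of any post in this thread and not SuSEfirewall2's own code: a small shell helper that turns each FW_REDIRECT entry into the kind of nat-table REDIRECT rule one would expect to find, and flags entries that accept any source. The field order (source, destination, protocol, original port, local port) is assumed from the two values quoted in the thread, the function names are hypothetical, and the printed rule is an approximation of what the firewall script generates.

```shell
#!/bin/sh
# Added example. Nothing here touches the running firewall; it only prints text.

# Print an approximate iptables rule for one FW_REDIRECT entry.
# Assumed field order: source,destination,protocol,dport,local-port
fw_redirect_rule() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f      # split the entry on commas, no globbing
    IFS=$old_ifs
    [ $# -eq 5 ] || { echo "malformed entry" >&2; return 2; }
    echo "iptables -t nat -A PREROUTING -s $1 -d $2 -p $3 --dport $4 -j REDIRECT --to-ports $5"
}

# Succeed (exit 0) when the entry redirects traffic from any source,
# which the reply in the thread advises against for a proxy.
fw_redirect_any_source() {
    case ${1%%,*} in
        0/0|0.0.0.0/0) return 0 ;;
        *) return 1 ;;
    esac
}

# Review every entry of a space-separated FW_REDIRECT value.
fw_redirect_review() {
    for entry in $1; do
        fw_redirect_rule "$entry" || return 2
        if fw_redirect_any_source "$entry"; then
            echo "# note: $entry matches any source; restrict it to the client network"
        fi
    done
    # REDIRECT rules live in the nat table; plain 'iptables -vL' lists only filter.
    echo "# verify with: iptables -t nat -vnL PREROUTING"
}

# Constructed input: the two FW_REDIRECT values quoted in the thread.
fw_redirect_review "0/0,0/0,tcp,80,1234 192.168.0.0/24,0/0,tcp,80,3128"
```

Packets generated on the server itself (the "local accounts" case) do not pass through PREROUTING; they traverse the nat OUTPUT chain, so that chain is the one to inspect for them.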