hey philipp, well...the internal lan eth is not the problem at all. but the proxy is getting webcontent for you...isn't it?! and that is the point, because any html-site can contain strange content...really ;-) greets, daniel Philipp Snizek schrieb:
he list,
AFAIK you should NEVER use a proxy etc. on any firewall due to the buffer- overflow-problem. sorry...
daniel
And how do you want to to enable internet-users to apply the buffer overflow if the proxy's listens on internal lan eth?
Philipp
Philipp Snizek schrieb:
Hi list, and amar, from "Down Under"
Amarendra GODBOLE wrote:
On Mon, Mar 26, 2001, the greycells of Ron Perry expressed:
Hi All,
Running squid on the firewall. External interface eth0
I've used this redirect before setting up any other chain. This catches all internal traffic to port 80 and
redirects to 3128
ipchains -A input -i ! eth0 -p tcp -s 0/0 -d 0/0 80 -j
REDIRECT 3128
It seems I still need to allow connections to port 80
or/and 3128 from
the internal interfaces.
Hi,
AFAIK, the 'REDIRECT' option does not if you are using Squid to authenticate. Never checked this out. Raf ?
I'm not using squid to authenticate.
I'm now thinking that I need to ACCEPT port 3128 before I REDIRECT to port 3128. And the redirect 80 should not be ACCEPTED.
Any comments?
Yes. If you're not sure (as I'm not right now) try to log the packets by denying and logging the rules. messages and firewall logfiles will tell you what you have to do. You can also use tcpdump but better iptraf to analyze your problem.
HTH Philipp
TIA Ron ronk@sunux.com.au
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Daniel Quappe Montag, der 26. März 2001 Systemadministrator E-Mail: quappe@erster.de
Fon +49 (0)202 252 15 99 Fax +49 (0)202 52 20 99
Didn't take a look at http://www.erster.de yet ?!
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Daniel Quappe Montag, der 26. März 2001 Systemadministrator E-Mail: quappe@erster.de Fon +49 (0)202 252 15 99 Fax +49 (0)202 52 20 99 Didn't take a look at http://www.erster.de yet ?!