Hi list,

AFAIK you should NEVER use a proxy etc. on any firewall due to the buffer-overflow problem.

sorry...
daniel

Philipp Snizek wrote:
Hi list, and amar, from "Down Under"
Amarendra GODBOLE wrote:
On Mon, Mar 26, 2001, the greycells of Ron Perry expressed:
Hi All,
Running squid on the firewall. External interface eth0
I've used this redirect before setting up any other chain. This catches all internal traffic to port 80 and redirects to 3128
ipchains -A input -i ! eth0 -p tcp -s 0/0 -d 0/0 80 -j REDIRECT 3128
It seems I still need to allow connections to port 80 or/and 3128 from the internal interfaces.
Hi,
AFAIK, the 'REDIRECT' option does not work if you are using Squid to authenticate. Never checked this out. Raf ?
I'm not using squid to authenticate.
I'm now thinking that I need to ACCEPT port 3128 before I REDIRECT to port 3128. And the redirect 80 should not be ACCEPTED.
Any comments?
Yes. If you're not sure (as I'm not right now) try to log the packets by denying and logging the rules. messages and firewall logfiles will tell you what you have to do. You can also use tcpdump but better iptraf to analyze your problem.
HTH
Philipp

TIA
Ron
ronk@sunux.com.au
--
Daniel Quappe
Monday, 26 March 2001
System Administrator
E-Mail: quappe@erster.de
Phone +49 (0)202 252 15 99
Fax +49 (0)202 52 20 99
Didn't take a look at http://www.erster.de yet ?!