Mailinglist Archive: opensuse-security (605 mails)
| < Previous | Next > |
Re: [suse-security] netfilter with transparent squid
- From: "Oyku Gencay" <oykug@xxxxxxxxxx>
- Date: Fri, 12 Oct 2001 12:13:04 +0300
- Message-id: <017201c152fe$19cb28c0$0a01a8c0@xxxxxxxxxx>
You should load the necessary kernel modules for ftp or static compile in to
the kernel. The kernel module takes car of the protocol details for ftp.
----- Original Message -----
From: Philipp Snizek <mailinglists@xxxxxxxxx>
To: 'SuSE Security' <suse-security@xxxxxxx>
Sent: Friday, October 12, 2001 12:13 PM
Subject: AW: [suse-security] netfilter with transparent squid
>
> Does this also work for ftp?
>
>
> >
> >
> >Sorry not to mention that squid runs on the firewall.
> >----- Original Message -----
> >From: Oyku Gencay <oykug@xxxxxxxxxx>
> >To: Joelly Alexander <alex@xxxxxxxxxx>; SuSE Security
> ><suse-security@xxxxxxx>
> >Sent: Friday, October 12, 2001 12:01 PM
> >Subject: Re: [suse-security] netfilter with transparent squid
> >
> >
> >> Try this.
> >>
> >> $IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
> >> REDIRECT --to-port 3128
> >> you should also have
> >> $IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
> >> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> >> ....
> >>
> >> $IPTABLES is the path to the iptables executable and $LAN_IFACE and
> >> $INET_IFACE should be your corresponding NIC such as eth0, eth1.
> >>
> >> My default polcies are to DROP, and you should also make the required
> >> configuration in squid.
> >>
> >> Hope this helps.
> >>
> >> Regards,
> >> Oyku Gencay
> >>
> >> ----- Original Message -----
> >> From: Joelly Alexander <alex@xxxxxxxxxx>
> >> To: <suse-security@xxxxxxxx>
> >> Sent: Friday, October 12, 2001 12:06 PM
> >> Subject: [suse-security] netfilter with transparent squid
> >>
> >>
> >> > does anyone know how to setup a netfilter-firewall with transparent
> >> > squid ?
> >> > there is a document called "transparent proxy with linux and squid
> >> > mini-howto";
> >> > sure it works, but only when the default policies are set
> >to accept;
> >> > for higher security my default policies are set to drop and the
> >> > transparent answer my requests;
> >> >
> >> > does anyone have a similar szenario that works ?
> >> > are there some samples or useful hints avaliable ?
> >> >
> >> > thx alex
> >> >
> >> > --
> >> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >> >
> >>
> >>
> >> --
> >> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >> For additional commands, e-mail: suse-security-help@xxxxxxxx
> >>
> >
> >
> >--
> >To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
the kernel. The kernel module takes car of the protocol details for ftp.
----- Original Message -----
From: Philipp Snizek <mailinglists@xxxxxxxxx>
To: 'SuSE Security' <suse-security@xxxxxxx>
Sent: Friday, October 12, 2001 12:13 PM
Subject: AW: [suse-security] netfilter with transparent squid
>
> Does this also work for ftp?
>
>
> >
> >
> >Sorry not to mention that squid runs on the firewall.
> >----- Original Message -----
> >From: Oyku Gencay <oykug@xxxxxxxxxx>
> >To: Joelly Alexander <alex@xxxxxxxxxx>; SuSE Security
> ><suse-security@xxxxxxx>
> >Sent: Friday, October 12, 2001 12:01 PM
> >Subject: Re: [suse-security] netfilter with transparent squid
> >
> >
> >> Try this.
> >>
> >> $IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
> >> REDIRECT --to-port 3128
> >> you should also have
> >> $IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
> >> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> >> ....
> >>
> >> $IPTABLES is the path to the iptables executable and $LAN_IFACE and
> >> $INET_IFACE should be your corresponding NIC such as eth0, eth1.
> >>
> >> My default polcies are to DROP, and you should also make the required
> >> configuration in squid.
> >>
> >> Hope this helps.
> >>
> >> Regards,
> >> Oyku Gencay
> >>
> >> ----- Original Message -----
> >> From: Joelly Alexander <alex@xxxxxxxxxx>
> >> To: <suse-security@xxxxxxxx>
> >> Sent: Friday, October 12, 2001 12:06 PM
> >> Subject: [suse-security] netfilter with transparent squid
> >>
> >>
> >> > does anyone know how to setup a netfilter-firewall with transparent
> >> > squid ?
> >> > there is a document called "transparent proxy with linux and squid
> >> > mini-howto";
> >> > sure it works, but only when the default policies are set
> >to accept;
> >> > for higher security my default policies are set to drop and the
> >> > transparent answer my requests;
> >> >
> >> > does anyone have a similar szenario that works ?
> >> > are there some samples or useful hints avaliable ?
> >> >
> >> > thx alex
> >> >
> >> > --
> >> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >> >
> >>
> >>
> >> --
> >> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >> For additional commands, e-mail: suse-security-help@xxxxxxxx
> >>
> >
> >
> >--
> >To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> >For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
| < Previous | Next > |