Mailinglist Archive: opensuse-security (605 mails)
| < Previous | Next > |
Re: [suse-security] netfilter with transparent squid
- From: "Oyku Gencay" <oykug@xxxxxxxxxx>
- Date: Fri, 12 Oct 2001 12:04:38 +0300
- Message-id: <016401c152fc$ebe9f860$0a01a8c0@xxxxxxxxxx>
Sorry not to mention that squid runs on the firewall.
----- Original Message -----
From: Oyku Gencay <oykug@xxxxxxxxxx>
To: Joelly Alexander <alex@xxxxxxxxxx>; SuSE Security
<suse-security@xxxxxxx>
Sent: Friday, October 12, 2001 12:01 PM
Subject: Re: [suse-security] netfilter with transparent squid
> Try this.
>
> $IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
> REDIRECT --to-port 3128
> you should also have
> $IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> ....
>
> $IPTABLES is the path to the iptables executable and $LAN_IFACE and
> $INET_IFACE should be your corresponding NIC such as eth0, eth1.
>
> My default polcies are to DROP, and you should also make the required
> configuration in squid.
>
> Hope this helps.
>
> Regards,
> Oyku Gencay
>
> ----- Original Message -----
> From: Joelly Alexander <alex@xxxxxxxxxx>
> To: <suse-security@xxxxxxxx>
> Sent: Friday, October 12, 2001 12:06 PM
> Subject: [suse-security] netfilter with transparent squid
>
>
> > does anyone know how to setup a netfilter-firewall with transparent
> > squid ?
> > there is a document called "transparent proxy with linux and squid
> > mini-howto";
> > sure it works, but only when the default policies are set to accept;
> > for higher security my default policies are set to drop and the
> > transparent answer my requests;
> >
> > does anyone have a similar szenario that works ?
> > are there some samples or useful hints avaliable ?
> >
> > thx alex
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
----- Original Message -----
From: Oyku Gencay <oykug@xxxxxxxxxx>
To: Joelly Alexander <alex@xxxxxxxxxx>; SuSE Security
<suse-security@xxxxxxx>
Sent: Friday, October 12, 2001 12:01 PM
Subject: Re: [suse-security] netfilter with transparent squid
> Try this.
>
> $IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
> REDIRECT --to-port 3128
> you should also have
> $IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> ....
>
> $IPTABLES is the path to the iptables executable and $LAN_IFACE and
> $INET_IFACE should be your corresponding NIC such as eth0, eth1.
>
> My default polcies are to DROP, and you should also make the required
> configuration in squid.
>
> Hope this helps.
>
> Regards,
> Oyku Gencay
>
> ----- Original Message -----
> From: Joelly Alexander <alex@xxxxxxxxxx>
> To: <suse-security@xxxxxxxx>
> Sent: Friday, October 12, 2001 12:06 PM
> Subject: [suse-security] netfilter with transparent squid
>
>
> > does anyone know how to setup a netfilter-firewall with transparent
> > squid ?
> > there is a document called "transparent proxy with linux and squid
> > mini-howto";
> > sure it works, but only when the default policies are set to accept;
> > for higher security my default policies are set to drop and the
> > transparent answer my requests;
> >
> > does anyone have a similar szenario that works ?
> > are there some samples or useful hints avaliable ?
> >
> > thx alex
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
| < Previous | Next > |