Mailinglist Archive: opensuse-security (605 mails)
| < Previous | Next > |
Re: [suse-security] netfilter with transparent squid
- From: "Oyku Gencay" <oykug@xxxxxxxxxx>
- Date: Fri, 12 Oct 2001 12:01:30 +0300
- Message-id: <014e01c152fc$7bfb7d80$0a01a8c0@xxxxxxxxxx>
Try this.
$IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
REDIRECT --to-port 3128
you should also have
$IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
....
$IPTABLES is the path to the iptables executable and $LAN_IFACE and
$INET_IFACE should be your corresponding NIC such as eth0, eth1.
My default polcies are to DROP, and you should also make the required
configuration in squid.
Hope this helps.
Regards,
Oyku Gencay
----- Original Message -----
From: Joelly Alexander <alex@xxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, October 12, 2001 12:06 PM
Subject: [suse-security] netfilter with transparent squid
> does anyone know how to setup a netfilter-firewall with transparent
> squid ?
> there is a document called "transparent proxy with linux and squid
> mini-howto";
> sure it works, but only when the default policies are set to accept;
> for higher security my default policies are set to drop and the
> transparent answer my requests;
>
> does anyone have a similar szenario that works ?
> are there some samples or useful hints avaliable ?
>
> thx alex
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
$IPTABLES -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 -j
REDIRECT --to-port 3128
you should also have
$IPTABLES -A -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
....
$IPTABLES is the path to the iptables executable and $LAN_IFACE and
$INET_IFACE should be your corresponding NIC such as eth0, eth1.
My default polcies are to DROP, and you should also make the required
configuration in squid.
Hope this helps.
Regards,
Oyku Gencay
----- Original Message -----
From: Joelly Alexander <alex@xxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, October 12, 2001 12:06 PM
Subject: [suse-security] netfilter with transparent squid
> does anyone know how to setup a netfilter-firewall with transparent
> squid ?
> there is a document called "transparent proxy with linux and squid
> mini-howto";
> sure it works, but only when the default policies are set to accept;
> for higher security my default policies are set to drop and the
> transparent answer my requests;
>
> does anyone have a similar szenario that works ?
> are there some samples or useful hints avaliable ?
>
> thx alex
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
| < Previous | Next > |