Hi all! Here my scenario: Internet | | | PC1: Packet Filtering ---------+ SWITCH------- Internal LAN PC2: SQUID Proxy Server ------+ Mail Server DNS caching only server What I'm trying to configure is a kind of port forwarding from PC1 to PC2. Is this possible? HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80 to PC2:3128) I've searched in the archives, read the HOWTO's but didn't find any answer? Any help would be VERY appreciated ! Thanks, Richard -- Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg Unix IS user friendly. It's just selective about who its friends are.
What I'm trying to configure is a kind of port forwarding from PC1 to PC2. Is this possible? no problem. you can use "ipmasqadm portfw", redir, ssh -R ... HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80 to PC2:3128) you mean, pc's from the internal net accessing web-servers outside should be redirected to squid? I've never tried it, but you must switch squid into some kind of "transparent mode" because just redirecting won't work. (redirecting itself can be achieved by using ipmasqadm )
hth. Markus Gaugusch -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
Hi, Try to recompile your kernel to enable transparent proxy stuff, then use SuSE firewall packages to actually configure PC1 to forward packets to PC2. (or vice versa) See www.squid-cache.org 's FAQ section for details about the config of SQUID when beeing used as transparent proxy.. Regards -- Mit freundlichen Grüßen Alexander Bien -- PIRONET NDH Alexander Bien - Technical Assistant - SBU Services Josef-Lammerting-Allee 14-18, 50933 Cologne - Germany Tel.: +49 (0)172 7760569 - Fax: +49 (0)221 770 2815 mailto:abien@pironet.com - http://www.pironet.com
-----Original Message----- From: r.ems@gmx.net [mailto:r.ems@gmx.net]On Behalf Of Richard Ems Sent: Friday, February 02, 2001 3:02 PM To: suse-security@suse.com Subject: [suse-security] Transparent proxy ...
Hi all!
Here my scenario:
Internet | | | PC1: Packet Filtering ---------+
SWITCH------- Internal LAN PC2: SQUID Proxy Server ------+ Mail Server DNS caching only server
What I'm trying to configure is a kind of port forwarding from PC1 to PC2. Is this possible? HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80 to PC2:3128)
I've searched in the archives, read the HOWTO's but didn't find any answer?
Any help would be VERY appreciated !
Thanks, Richard
-- Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi all!
Here my scenario:
Internet | | | PC1: Packet Filtering ---------+
SWITCH------- Internal LAN PC2: SQUID Proxy Server ------+ Mail Server DNS caching only server
What I'm trying to configure is a kind of port forwarding from PC1 to PC2. Is this possible? HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80 to PC2:3128)
Be careful. pasv ftp does not work with squid in trans proxy mode. I don't see where the problem is. Tell the browsers on your clients in internal LAN that they must access PC2 (your proxy) on port e.g. 8080 (the same with mail and dns), and PC2 will forward this to PC1 (because PC1 is defined as standard gateway for PC2) and then to the inet. When PC1 is getting the answer from inet it will forward it to PC2 (where the request just before came from) and PC2 will answer to internal LAN PCs. Or do I missunderstand something? Pls let me know. But for this I think trans proxy is definitely no solution. HTH Philipp
participants (4)
-
Alexander Bien
-
Markus Gaugusch
-
Philipp Snizek
-
Richard Ems