Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 with transparent proxy support
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Thu, 13 Dec 2001 23:55:26 +0100
  • Message-id: <3C1931DE.6050308@xxxxxxxxxxxxxx>
Hi Robert,

I've had the same problem with my German TDSL, although I could not even access these sites over the proxy on my firewall. The problem was solved by setting mtu and mru to 1492 in /etc/ppp/peers/pppoe.

Best regards,

Ralf Ronneburger

Robert Szentmihalyi wrote:

Hi,

I have set up a DSL router (SuSE Linux 7.3, kernel 2.4.16 + grsecurity-1.9) which does packet filtering with SuSEfirewall2
Now, because of the problems some sites with impropery configured firewalls (like www.gmx.de and www.postbank.de) have with Path MTU discovery, I have set up squid on the router.

The sites are accessible now, but I don't seem to get SuSEfirewall2 to transparently redirect http traffic to port 3128, so that I don't have to configure each client to use the proxy.

I set
FW_SERVICE_SQUID="yes"
and
FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128"
but it doesn't seem to help much...
Any ideas on what I could have overlooked?

Any better solutions to the MTU problem are also greatly appreciated.

TIA,
Robert





< Previous Next >
References