Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 with transparent proxy support
  • From: Andreas Niederstadt <adowntown@xxxxxxx>
  • Date: Thu, 13 Dec 2001 21:43:29 +0100
  • Message-id: <1091F39B-F00A-11D5-9134-00039315D3BE@xxxxxxx>
Hi,

I had the same problem while setting up my Firewall/Proxy. The problem seems to be an incorrect piece of sample code within the default firewall config file. At last I simply followed to the sample code from the Suse Network Booklet, where the redirect command looks like this:
FW_REDIRECT_TCP='192.xxx.xxx.xxx/yy,0/0,80,3128' or FW_REDIRECT_UDP='192.xxx.xxx.xxx/yy,0/0,80,3128' this can be done for ftp and https as well. Since my Firewall/Proxy are continuously running. Hope, this will go with you as well.

rgds

Andreas Niederstadt
Am Donnerstag den, 13. Dezember 2001, um 16:16, schrieb Robert Szentmihalyi:

Hi,

I have set up a DSL router (SuSE Linux 7.3, kernel 2.4.16 +
grsecurity-1.9) which does packet filtering with SuSEfirewall2

Now, because of the problems some sites with impropery configured
firewalls (like www.gmx.de and www.postbank.de) have with Path MTU
discovery, I have set up squid on the router.

The sites are accessible now, but I don't seem to get SuSEfirewall2
to transparently redirect http traffic to port 3128, so that I
don't have to configure each client to use the proxy.

I set
FW_SERVICE_SQUID="yes"
and
FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128"
but it doesn't seem to help much...
Any ideas on what I could have overlooked?

Any better solutions to the MTU problem are also greatly
appreciated.

TIA,
Robert

--
Where do you want to be tomorrow?

Entracom. Building Linux systems.
http://www.entracom.de

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx


––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Niederstadt EDV Service
Lettenstrasse 29
D - 79424 Auggen
Tel: +49 (0)7631 173715
Fax: +49 (0)7631 173716
E-Mail: adowntown@xxxxxxx
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––


< Previous Next >
References