Mailinglist Archive: opensuse-security (12 mails)

[opensuse-security] SuSEfirewall2 and a non-local transparent squid proxy
  • From: Hans-Peter Jansen <hpj@xxxxxxxxx>
  • Date: Sun, 08 May 2016 00:14:32 +0200
  • Message-id: <10232173.MV3ViE5kq0@xrated>
Hi,

in a LAN setup, there's a fairly current squid proxy running (3.5.17), which
is NOT on the firewall, while the FW is located on a low end system running
an older openSUSE with SuSEfirewall2.

FW_DEV_EXT="dsl0"
FW_DEV_INT="eth0"

e.g. the usual simple DSL <-> masqueraded LAN setup.

Using the xxxx_proxy environment settings works fine with collaborating
systems, but I would like to force all local systems through the squid.

I tried to add something similar to /etc/sysconfig/scripts/SuSEfirewall2-custom:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-server -p tcp --dport 80 -j DNAT --to squid-server:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-net -d squid-server -j SNAT --to 172.16.23.1
iptables -A FORWARD -s local-net -d squid-server -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

in the fw_custom_after_antispoofing hook, and others, but failed so far.

Source: http://tldp.org/HOWTO/TransparentProxy-6.html

Any other way to achieve something similar is welcomed of course, e.g.
redirect 0/0:80 to squid-server:3128, but squid-server itself.

Thanks,
Pete

