From: "Zé Luís" <zeluis@objetivo-americana.com.br>
To: netfilter@lists.samba.org
Subject: Re: squid and iptables
Date: Fri, 14 Jun 2002 18:16:06 -0300	[thread overview]
Message-ID: <aee4kp$5k8$2@main.gmane.org> (raw)
In-Reply-To: 3A5DC36EC1506C40825C05BE65E62AEF0E7A0D@neptuno.idea.com.mx

Omar Castaneda Acosta wrote:

> Setup iptables to DROP/REJECT everything from the internal interface
> except -m state NEW,ESTABLISHED,RELATED on every service you want to
> allow.


Thanks Omar,

I'm needing more details about how exactly to do it.

I'm opening just a few ports from eth0 (NET_INT, my local network) to my
eth1 firewall (my valid internet IP), like ports 25, 53, 80 and 3128.
I do something like this:

"iptables -A INPUT -p tcp -j ACCEPT -s 192.168.1.10/255.255.255.0 -i eth0 -d 192.168.1.154 --dport nn"

but all traffic looks like this:

Client:
------

from: 192.168.1.10:nn
to: 192.168.1.154:3128 (my firewall, squid server)

Server:
-------
from: 192.168.1.154:3128
to: 0.0.0.0 (Internet)

All client browsers are configured to work with the proxy on port 3128.


How can I filter destination port requests from client machines to the
external internet when the proxy intercepts this traffic on port 3128?

Thanks very much again.

Ze Luis

> 
> Hi,
> 
> I have a network with squid authentication on port 3128 and ACL
> controls. My users only surf with password authentication.
> 
> I don't control access ports with squid ACLs. All ports are free by squid.
> 
> But,
> 
> I need to control which ports each machine can access by iptables. Is it
> possible?
> 
> My idea is :
> 
> - squid does not control ports, only url_path, urlpath_regex, time,
> password.
> 
> - iptables opens and closes ports (from internal machines to the internet)
> for data from the proxy and others (telnet, irc, ssh and all others)
> 
> My question:
> 
> - Is it possible?
> 
> if yes:
> 
> - what chain use?
> - an example, please ;-)
> 
> if no:
> 
> - what's the better way to do this?
> 
> 
> Thanks, thanks, thanks.
> 
> Ze Luis
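An added worked example of the ruleset Omar describes, written as a dry-run shell script; it is not code from the thread. It assumes the addresses from the mail (eth0 = LAN 192.168.1.0/24, firewall LAN address 192.168.1.154 with squid on 3128, eth1 = Internet side) and, as an assumption the thread does not state, that squid runs under its own uid. It also goes one step beyond the question: the destination port a browser asks for travels inside the HTTP request to 3128, so INPUT rules on the internal interface never see it; the connection squid then opens towards the Internet is local OUTPUT traffic owned by the squid uid, and that is where per-port restriction of proxied traffic can be applied.

```shell
#!/bin/sh
# Added example, not code from the thread. Addresses and interfaces are
# those given in the mail; SQUID_UID is an assumption (check with `id squid`).
# By default the commands are only printed; run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

LAN_IF=eth0
LAN_NET=192.168.1.0/24
FW_LAN_IP=192.168.1.154
LAN_TCP_SERVICES="25 53 80 3128"    # what LAN hosts may open on the firewall
SQUID_UID="${SQUID_UID:-squid}"     # assumed uid squid runs as
PROXY_DEST_PORTS="80 443"           # what squid itself may open on the Internet

# Omar's suggestion: drop everything arriving on the internal interface except
# new connections to the listed services and the replies that follow them.
lan_input_rules() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP   # nothing is routed LAN<->Internet; only the proxy talks out
    $IPT -A INPUT -i "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $LAN_TCP_SERVICES; do
        $IPT -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" -d "$FW_LAN_IP" \
            --dport "$port" -m state --state NEW -j ACCEPT
    done
    # DNS lookups from the LAN are usually UDP
    $IPT -A INPUT -i "$LAN_IF" -p udp -s "$LAN_NET" -d "$FW_LAN_IP" --dport 53 -j ACCEPT
    # everything else from the LAN falls through to the DROP policy; log it first
    $IPT -A INPUT -i "$LAN_IF" -j LOG --log-prefix "LAN-INPUT-DROP: "
}

# Restrict the connections squid opens on behalf of clients: only the listed
# destination ports, matched on the owning uid so other local daemons are unaffected.
proxy_output_rules() {
    $IPT -A OUTPUT -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $PROXY_DEST_PORTS; do
        $IPT -A OUTPUT -o eth1 -p tcp --dport "$port" -m owner --uid-owner "$SQUID_UID" \
            -m state --state NEW -j ACCEPT
    done
    $IPT -A OUTPUT -o eth1 -p tcp -m owner --uid-owner "$SQUID_UID" \
        -j LOG --log-prefix "SQUID-OUTPUT-DROP: "
    $IPT -A OUTPUT -o eth1 -p tcp -m owner --uid-owner "$SQUID_UID" -j DROP
}

all_rules() {
    lan_input_rules
    proxy_output_rules
}

# Print (or, with IPT=iptables, apply) the whole set.
all_rules
```

The LOG rules sit directly before the drop so a client that bypasses the proxy, or a proxied request to a port outside PROXY_DEST_PORTS, shows up in the kernel log with a recognisable prefix; that is what makes the filtering auditable rather than silent. Per-client port policy, which the original question asks for, is still only expressible in squid's own ACLs, since squid's outgoing connection no longer carries the client's address.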
