* by passing transparent proxy
@ 2005-09-06 11:11 Askar
2005-09-06 16:33 ` /dev/rob0
0 siblings, 1 reply; 4+ messages in thread
From: Askar @ 2005-09-06 11:11 UTC (permalink / raw)
To: netfilter
hi list
i have a very simple question, we have a transparent proxy "squid" for our
users, this machine is also the default gateway for the user. which mean all
the traffic of the client do pass from this machine whether its port 80 or
not.
All teh port 80 traffic redirected to squid 3128 by ...
$iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j REDIRECT
--to-port 3128
Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx then his
traffic by pass the squid. actaully if the client xx.xx goes through squid
while accessing that site then the far end web server gives him permission
denied.
However on web server I could only allow the static ip of the client
xx.xxbut not the squid server. its a secure web server.
any help in this regards wil be greatly appreciated
regards
askar
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: by passing transparent proxy
2005-09-06 11:11 by passing transparent proxy Askar
@ 2005-09-06 16:33 ` /dev/rob0
2005-09-06 19:37 ` Askar
0 siblings, 1 reply; 4+ messages in thread
From: /dev/rob0 @ 2005-09-06 16:33 UTC (permalink / raw)
To: netfilter
On Tuesday 2005-September-06 06:11, Askar wrote:
> All teh port 80 traffic redirected to squid 3128 by ...
>
> $iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j
> REDIRECT --to-port 3128
>
> Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx
> then his traffic by pass the squid. actaully if the client xx.xx goes
Precede the proxy rule with a -j RETURN rule for your -s client.IP and
-d server.IP. See the RETURN target in "man iptables".
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: by passing transparent proxy
2005-09-06 16:33 ` /dev/rob0
@ 2005-09-06 19:37 ` Askar
0 siblings, 0 replies; 4+ messages in thread
From: Askar @ 2005-09-06 19:37 UTC (permalink / raw)
To: netfilter
On 9/6/05, /dev/rob0 <rob0@gmx.co.uk> wrote:
>
> On Tuesday 2005-September-06 06:11, Askar wrote:
> > All teh port 80 traffic redirected to squid 3128 by ...
> >
> > $iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j
> > REDIRECT --to-port 3128
> >
> > Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx
> > then his traffic by pass the squid. actaully if the client xx.xx goes
>
> Precede the proxy rule with a -j RETURN rule for your -s client.IP and
> -d server.IP. See the RETURN target in "man iptables".
> --
> mail to this address is discarded unless "/dev/rob0"
> or "not-spam" is in Subject: header
>
>
bingo :)
thanks mate
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <20050906120443.25918.qmail@webmail52.rediffmail.com>]
* Re: by passing transparent proxy
[not found] <20050906120443.25918.qmail@webmail52.rediffmail.com>
@ 2005-09-06 12:32 ` Askar
0 siblings, 0 replies; 4+ messages in thread
From: Askar @ 2005-09-06 12:32 UTC (permalink / raw)
To: netfilter
On 6 Sep 2005 12:04:43 -0000, bimal pandit <bimal_pandit@rediffmail.com>
wrote:
>
> Dear Askar,
>
>
> On Tue, 06 Sep 2005 Askar wrote :
> >hi list
> >
> >i have a very simple question, we have a transparent proxy "squid" for
> our
> >users, this machine is also the default gateway for the user. which mean
> all
> >the traffic of the client do pass from this machine whether its port 80
> or
> >not.
> >All teh port 80 traffic redirected to squid 3128 by ...
> >
> >$iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j
> REDIRECT
> >--to-port 3128
> >
> >Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx then
> his
> >traffic by pass the squid. actaully if the client xx.xx goes through
> squid
> >while accessing that site then the far end web server gives him
> permission
> >denied.
> >However on web server I could only allow the static ip of the client
> >xx.xxbut not the squid server. its a secure web server.
> >
> >
> >any help in this regards wil be greatly appreciated
> >
> >regards
> >
> >askar
> >
> >
>
> I dont think that accessing https request is an issue, I am quite able
> enough to get it as 443 is under safe port in my squid.conf.
>
Sorry my bad, from secure means that web server running on port 80 but only
> accessible from certain IPs (restricted by htaccess)
>
remember all connections will go through 3128 and will make high port
> connections for the transactions.
>
> hope this will help a bit.
>
> regards,
>
> Bimal
>
>
> <http://adworks.rediff.com/cgi-bin/AdWorks/sigclick.cgi/www.rediff.com/signature-home.htm/1507191490@Middle5?PARTNER=3>
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-09-06 19:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-06 11:11 by passing transparent proxy Askar
2005-09-06 16:33 ` /dev/rob0
2005-09-06 19:37 ` Askar
[not found] <20050906120443.25918.qmail@webmail52.rediffmail.com>
2005-09-06 12:32 ` Askar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox