by passing transparent proxy

Linux Netfilter discussions
 help / color / mirror / Atom feed

* by passing transparent proxy
@ 2005-09-06 11:11 Askar
  2005-09-06 16:33 ` /dev/rob0
  0 siblings, 1 reply; 4+ messages in thread
From: Askar @ 2005-09-06 11:11 UTC (permalink / raw)
  To: netfilter

hi list

i have a very simple question, we have a transparent proxy "squid" for our 
users, this machine is also the default gateway for the user. which mean all 
the traffic of the client do pass from this machine whether its port 80 or 
not.
All teh port 80 traffic redirected to squid 3128 by ...

$iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j REDIRECT 
--to-port 3128

Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx then his 
traffic by pass the squid. actaully if the client xx.xx goes through squid 
while accessing that site then the far end web server gives him permission 
denied.
However on web server I could only allow the static ip of the client
xx.xxbut not the squid server. its a secure web server.

any help in this regards wil be greatly appreciated

regards

askar

-- 
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: by passing transparent proxy
       [not found] <20050906120443.25918.qmail@webmail52.rediffmail.com>
@ 2005-09-06 12:32 ` Askar
  0 siblings, 0 replies; 4+ messages in thread
From: Askar @ 2005-09-06 12:32 UTC (permalink / raw)
  To: netfilter

On 6 Sep 2005 12:04:43 -0000, bimal pandit <bimal_pandit@rediffmail.com> 
wrote:
> 
> Dear Askar, 
> 
> 
> On Tue, 06 Sep 2005 Askar wrote :
> >hi list
> >
> >i have a very simple question, we have a transparent proxy "squid" for 
> our
> >users, this machine is also the default gateway for the user. which mean 
> all
> >the traffic of the client do pass from this machine whether its port 80 
> or
> >not.
> >All teh port 80 traffic redirected to squid 3128 by ...
> >
> >$iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j 
> REDIRECT
> >--to-port 3128
> >
> >Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx then 
> his
> >traffic by pass the squid. actaully if the client xx.xx goes through 
> squid
> >while accessing that site then the far end web server gives him 
> permission
> >denied.
> >However on web server I could only allow the static ip of the client
> >xx.xxbut not the squid server. its a secure web server.
> >
> >
> >any help in this regards wil be greatly appreciated
> >
> >regards
> >
> >askar
> >
> >
> 
> I dont think that accessing https request is an issue, I am quite able 
> enough to get it as 443 is under safe port in my squid.conf.
> 


Sorry my bad, from secure means that web server running on port 80 but only 
> accessible from certain IPs (restricted by htaccess)
> 


remember all connections will go through 3128 and will make high port 
> connections for the transactions.
> 
> hope this will help a bit.
> 
> regards,
> 
> Bimal
>  
> 
> <http://adworks.rediff.com/cgi-bin/AdWorks/sigclick.cgi/www.rediff.com/signature-home.htm/1507191490@Middle5?PARTNER=3> 




-- 
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: by passing transparent proxy
  2005-09-06 11:11 by passing transparent proxy Askar
@ 2005-09-06 16:33 ` /dev/rob0
  2005-09-06 19:37   ` Askar
  0 siblings, 1 reply; 4+ messages in thread
From: /dev/rob0 @ 2005-09-06 16:33 UTC (permalink / raw)
  To: netfilter

On Tuesday 2005-September-06 06:11, Askar wrote:
> All teh port 80 traffic redirected to squid 3128 by ...
>
> $iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j
> REDIRECT --to-port 3128
>
> Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx
> then his traffic by pass the squid. actaully if the client xx.xx goes

Precede the proxy rule with a -j RETURN rule for your -s client.IP and 
-d server.IP. See the RETURN target in "man iptables".
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: by passing transparent proxy
  2005-09-06 16:33 ` /dev/rob0
@ 2005-09-06 19:37   ` Askar
  0 siblings, 0 replies; 4+ messages in thread
From: Askar @ 2005-09-06 19:37 UTC (permalink / raw)
  To: netfilter

On 9/6/05, /dev/rob0 <rob0@gmx.co.uk> wrote:
> 
> On Tuesday 2005-September-06 06:11, Askar wrote:
> > All teh port 80 traffic redirected to squid 3128 by ...
> >
> > $iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j
> > REDIRECT --to-port 3128
> >
> > Now I want to a client -s xx.xx.xx.xx access a site -d xx.xx.xx.xx
> > then his traffic by pass the squid. actaully if the client xx.xx goes
> 
> Precede the proxy rule with a -j RETURN rule for your -s client.IP and
> -d server.IP. See the RETURN target in "man iptables".
> --
> mail to this address is discarded unless "/dev/rob0"
> or "not-spam" is in Subject: header
> 
> 
bingo :)

thanks mate

-- 
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2005-09-06 19:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-06 11:11 by passing transparent proxy Askar
2005-09-06 16:33 ` /dev/rob0
2005-09-06 19:37   ` Askar
     [not found] <20050906120443.25918.qmail@webmail52.rediffmail.com>
2005-09-06 12:32 ` Askar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox