  1. #1
    Just Joined!
    Join Date
    Nov 2005
    Posts
    3

    Proxy traffic through firewall


    Hi,
    I would like to get some help with configuring a firewall to forward Squid traffic. I'll explain my setup.
    I have a firewall with iptables configured for allowing access to specific services/IPs in my network. The default policies for most of the chains are DROP. My proxy has a live IP and hence the proxy was directly connected to the internet. Now I need to route my Squid traffic through the firewall so that the firewall becomes the single point of access/exit. That's why I have a firewall in place. The proxy has Squid configured. The HTTP port configured for Squid is 8080. The firewall has iptables configured. Snort is also present. No specific rules have been configured as far as the proxy traffic is concerned. The internet is still being accessed on account of the live IP present on the proxy.

    Any efforts to route the traffic through the firewall haven't helped me out.

    I know Linux in bits and pieces and have learnt much of it through R&D when I needed to get something done. This proxy rerouting seems to be beyond my reach.

    Please help.

  2. #2
    Linux User
    Join Date
    Jul 2005
    Posts
    369
    If you're familiar with routing on a firewall, set it up to route all outbound traffic that's on the HTTP ports to the proxy.
    All i want for christmas is a new liver....a second chance to get afflicted with Cirrhosis

  3. #3
    Just Joined!
    Join Date
    Nov 2005
    Posts
    15
    This is for a proxy installed on the same machine as the firewall.

    eth0 = lan
    eth1 = internet access

    #Web/Proxy Cache Transparent
    #iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    #iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 3128
    #iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 80
    #iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth1 -p tcp --sport 80
    #iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth0 -p tcp --sport 80

    Here are some iptables rules... I've been fooling around a lot with my Linux server at home, but I'm not yet at the proxy step. I need to practice that subject a bit more. But these are some rules I figured out a month or two ago for this.
    Should be a nice little start, but probably some tweaking would be needed.
    Gives you a good idea.

    Let me know how you end up with this.

  5. #4
    Just Joined!
    Join Date
    Nov 2005
    Posts
    3
    Quote Originally Posted by winter
    If you're familiar with routing on a firewall, set it up to route all outbound traffic that's on the HTTP ports to the proxy.
    Could you be a bit more specific? Perhaps detail the iptables steps for the said config. In my case the firewall with Snort + iptables and the proxy are two separate servers. So what I need to configure is that all the HTTP traffic that would normally go out from the proxy server to the internet (because it has a live IP) should be routed through the firewall on its way to the internet.

    I have tried (and am currently trying) numerous settings. But to no avail. So in desperation I have turned to the Linux forums.

  6. #5
    Just Joined!
    Join Date
    Nov 2005
    Posts
    3
    Quote Originally Posted by EvilC0P
    This is for a proxy installed on the same machine as the firewall.

    eth0 = lan
    eth1 = internet access

    #Web/Proxy Cache Transparent
    #iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    #iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 3128
    #iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 80
    #iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth1 -p tcp --sport 80
    #iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth0 -p tcp --sport 80

    Here are some iptables rules... I've been fooling around a lot with my Linux server at home, but I'm not yet at the proxy step. I need to practice that subject a bit more. But these are some rules I figured out a month or two ago for this.
    Should be a nice little start, but probably some tweaking would be needed.
    Gives you a good idea.

    Let me know how you end up with this.
    I will work on tweaking the rules you mentioned. The rules you mentioned are for a setup where the firewall and proxy are on the same server. My setup is a bit different. I want to redirect the Squid traffic from the proxy server via the firewall on the way to the internet. I want to disable the live IP on the proxy server.

    I will try to tweak the rulesets you specified. I'll let you know in case things work.

  7. #6
    Just Joined!
    Join Date
    Nov 2005
    Posts
    15
    Yeah, like I said, if both are on the same machine:

    -j REDIRECT.

    Otherwise, use the firewall to DNAT to your proxy so everything web related goes through it, and filter with ACLs in Squid.

    Have fun, let me know about the rules and stuff.
    I'm looking for ideas/rules to improve my skills.

    If you happen to have some idea about how to send some specific ports through specific devices (i.e. eth1, eth0) and not via IPs (because all my devices are set on DHCP, no static possible), let me know. I'm trying to forward some ports via some interfaces with iptables and I can't come up with a decent/working solution ><
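The two-box variant that posts #3 and #6 sketch (firewall DNATs port 80 to a separate Squid host instead of REDIRECTing to a local one), written out as an added example that is not code from the thread. It assumes the firewall has eth0 = LAN and eth1 = internet as in post #3, Squid listens on the original poster's port 8080 on a LAN host at a placeholder address, the proxy's live IP has been removed so its default gateway is the firewall, and Squid is started in interception mode. The script prints the rules rather than applying them, so it can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: firewall with eth0 = LAN,
# eth1 = internet; Squid on a separate LAN host listening on 8080 in interception
# mode ("transparent" on Squid 2.x, "intercept" on 3.1 and later). Plain DNAT to an
# ordinary forward-proxy port does not work: Squid must expect intercepted traffic.
LAN_IF=eth0
WAN_IF=eth1
PROXY_IP=192.168.1.2     # placeholder address, constructed for this example
PROXY_PORT=8080

# Print the rules instead of applying them; review, then `gen_rules | sh` as root.
gen_rules() {
    ipt="iptables"
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "$ipt -P FORWARD DROP"
    echo "$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 1. Web requests from LAN clients are rewritten to the proxy's intercept port.
    #    The proxy's own outbound requests are excluded, or they would loop back.
    echo "$ipt -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY_IP -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    # 2. Client and proxy share one LAN segment, so the proxy would answer the client
    #    directly and bypass the DNAT state; masquerade so replies come back through
    #    the firewall. Caveat: Squid then sees the firewall as every client's address,
    #    so per-client ACLs need the proxy on its own interface/subnet instead.
    echo "$ipt -t nat -A POSTROUTING -o $LAN_IF -d $PROXY_IP -p tcp --dport $PROXY_PORT -j MASQUERADE"
    # 3. Let the redirected flows reach the proxy (hairpin forward on eth0).
    echo "$ipt -A FORWARD -i $LAN_IF -o $LAN_IF -d $PROXY_IP -p tcp --dport $PROXY_PORT -m state --state NEW -j ACCEPT"
    # 4. Only the proxy may open outbound web connections: it is now the single exit
    #    point, and everything else hits the FORWARD DROP policy.
    echo "$ipt -A FORWARD -i $LAN_IF -o $WAN_IF -s $PROXY_IP -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT"
    # 5. Hide the proxy behind the firewall's public address.
    echo "$ipt -t nat -A POSTROUTING -o $WAN_IF -s $PROXY_IP -j MASQUERADE"
}

# Self-check helper: how many generated rules reference the proxy address.
count_proxy_rules() {
    gen_rules | grep -c "$PROXY_IP"
}

gen_rules
```

Snort on the firewall keeps seeing the proxy's outbound flows on eth1, which is the point of making the firewall the single exit.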
