squid/iptables problem


Post by mushtaq » Mon Mar 05, 2007 8:44 am

Asalamualikum,

I am using squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10(ip) 3128(port)

My iptables contains two rules:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

iptables -t nat -A POSTROUTING -j MASQUERADE

I don't understand where it is causing them to access outside directly.

Any help will be appreciated.

Best regards
mushtaq

Re:

Post by LinuxFreaK » Mon Mar 05, 2007 9:15 am

Dear mushtaq,
Salam,

Limit their connections. You need to read more and more about iptables and squid.

Best Regards.
Farrukh Ahmed

Post by ranatanveer » Mon Mar 05, 2007 9:18 am

Regards

Rana Tanveer

Re: squid/iptables problem

Post by abakali » Mon Mar 05, 2007 11:26 am

mushtaq wrote:

Asalamualikum,

I am using squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10(ip) 3128(port)

My iptables contains two rules:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

I don't understand where it is causing them to access outside directly.

Any help will be appreciated.

Best regards
mushtaq


AOA

Replace with this to be more secure:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -m multiport --dports 80,81,82,83,84,85,8080,50000 -j REDIRECT --to-ports 3128
iptables -A FORWARD -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -m multiport --dports 80,81,82,83,84,85,8080,50000 -j REJECT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Asif Bakali !
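
The first post's rules only match destination port 80, so a connection to an outside proxy on port 3128 is forwarded and masqueraded untouched. As an added example (not part of any post in this thread), this script prints a default-deny FORWARD ruleset for the gateway; the resolver address and the list of allowed ports are assumptions.

```shell
#!/bin/sh
# Added example: default-deny forwarding on a Squid gateway (not from the thread).
# eth1, eth0, 192.168.0.0/24 and 3128 come from the posts; the rest are assumptions.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"    # placeholder resolver address
ALLOWED_TCP="${ALLOWED_TCP:-443,25,110}"  # assumed services allowed past the proxy

# Refuse an allow-list that would re-open plain HTTP or a usual proxy port.
allowlist_ok() {
    for port in $(echo "$ALLOWED_TCP" | tr ',' ' '); do
        case "$port" in
            80|3128|8080|"$SQUID_PORT") return 1 ;;
        esac
    done
    return 0
}

# Print the ruleset for review instead of applying it.
gateway_rules() {
    lan="-i $LAN_IF -s $LAN_NET"
    # Port 80 leaving the LAN is handed to the local Squid.
    echo "iptables -t nat -A PREROUTING $lan ! -d $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    # Nothing is forwarded unless a rule below accepts it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD $lan -o $WAN_IF -d $DNS_SERVER -p udp --dport 53 -j ACCEPT"
    echo "iptables -A FORWARD $lan -o $WAN_IF -p tcp -m multiport --dports $ALLOWED_TCP -j ACCEPT"
    # Anything else from the LAN, such as a connection to an outside proxy
    # on port 3128, is logged and refused.
    echo "iptables -A FORWARD $lan -j LOG --log-prefix 'FWD-DENY: '"
    echo "iptables -A FORWARD $lan -p tcp -j REJECT --reject-with tcp-reset"
}

if allowlist_ok; then
    gateway_rules
else
    echo "ALLOWED_TCP contains a web or proxy port: $ALLOWED_TCP" >&2
fi
```

Review the printed rules, then pipe the output to `sh` as root to apply them.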

