squid/iptables problem

Protecting your Linux box

squid/iptables problem

Postby mushtaq » Mon Mar 05, 2007 8:44 am

Asalamualikum,

I am using Squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10(ip) 3128(port)

My IPTables contain two rules

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A POSTROUTING -j MASQUERADE

I don't understand where it is causing them to access outside directly.

Any help will be appreciated.

Best regds
mushtaq
Life is just a deception from truth


Re:

Postby LinuxFreaK » Mon Mar 05, 2007 9:15 am

Dear mushtaq,
Salam,

Limit their connections. You need to read more and more about iptables and squid.

Best Regards.
Farrukh Ahmed


Postby ranatanveer » Mon Mar 05, 2007 9:18 am

Regards

Rana Tanveer


Re: squid/iptables problem

Postby abakali » Mon Mar 05, 2007 11:26 am

mushtaq wrote:
Asalamualikum,

I am using Squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10(ip) 3128(port)

My IPTables contain two rules

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128

I don't understand where it is causing them to access outside directly.

Any help will be appreciated.

Best regds
mushtaq


AOA

Replace with this to be more secure:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m multiport ! -d 192.168.0.0/24 --dports 80,81,82,83,84,85,8080,50000 -j REDIRECT --to-port 3128
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m multiport ! -d 192.168.0.0/24 --dports 80,81,82,83,84,85,8080,50000 -j REJECT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
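
An added example, not part of any post in this thread: a small Python model of the rules posted above, used to check which verdict a LAN client's TCP connection to the outside proxy named in the first post receives for each destination port. It assumes a default ACCEPT policy, a constructed client address 192.168.0.10 and a hypothetical CATCH_ALL rule; the function names are this example's own.

```python
import ipaddress
import shlex

# Rules from the reply above (negation in the current "! -d" form).
PORTS = "80,81,82,83,84,85,8080,50000"
POSTED_RULES = f"""
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m multiport ! -d 192.168.0.0/24 --dports {PORTS} -j REDIRECT --to-port 3128
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m multiport ! -d 192.168.0.0/24 --dports {PORTS} -j REJECT
"""
# Hypothetical extra rule, not from the thread: reject all other forwarded LAN TCP.
CATCH_ALL = "iptables -A FORWARD -s 192.168.0.0/24 -p tcp -j REJECT"

def parse_rule(line):
    """Parse only the options used in this thread; each takes exactly one value."""
    tok = shlex.split(line)[1:]                 # drop the "iptables" word
    rule = {"-s": None, "-d": None, "ports": None, "-j": None}
    neg = False
    while tok:
        opt = tok.pop(0)
        if opt == "!":                          # current form: ! -d net
            neg = True
            continue
        val = tok.pop(0)
        if val == "!":                          # older form: -d ! net
            neg, val = True, tok.pop(0)
        if opt in ("-s", "-d"):
            rule[opt] = (ipaddress.ip_network(val), neg)
        elif opt in ("--dport", "--dports"):
            rule["ports"] = {int(p) for p in val.split(",")}
        elif opt == "-j":
            rule["-j"] = val
        neg = False
    return rule

def verdict(rules, src, dst, dport):
    """First matching rule decides; rules are listed in traversal order."""
    pkt = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for r in rules:
        addr_ok = all(r[k] is None or (pkt[k] in r[k][0]) != r[k][1] for k in pkt)
        if addr_ok and (r["ports"] is None or dport in r["ports"]):
            return r["-j"]
    return "ACCEPT"        # assumption: default policy ACCEPT, packet is forwarded

def audit(rule_text, dst, ports, src="192.168.0.10"):
    rules = [parse_rule(l) for l in rule_text.strip().splitlines()]
    return {p: verdict(rules, src, dst, p) for p in ports}

if __name__ == "__main__":
    for text in (POSTED_RULES, POSTED_RULES + CATCH_ALL):
        print(audit(text, "165.228.133.10", [80, 8080, 3128]))
```

In this model, port 3128 to 165.228.133.10 matches neither posted rule and falls through to the default policy; with the catch-all appended it is rejected.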

