squid/iptables problem

Protecting your Linux box
mushtaq
Havaldaar
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

squid/iptables problem

Post by mushtaq »

Asalamualikum,

I am using Squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10 (IP), 3128 (port)

My iptables configuration contains two rules:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

iptables -t nat -A POSTROUTING -j MASQUERADE

I don't understand where it is letting them access the outside directly.

Any help will be appreciated.

Best regards,
mushtaq
Life is just a deception from truth
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear mushtaq,
Salam,

Limit their connections. You need to read more and more about iptables and squid.

Best Regards.
Farrukh Ahmed
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore

Post by ranatanveer »

Regards

Rana Tanveer
+923224194457
Linux Student

For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
abakali
Naik
Posts: 91
Joined: Wed Jun 01, 2005 5:38 pm

Re: squid/iptables problem

Post by abakali »

mushtaq wrote: Asalamualikum,

I am using Squid as my transparent proxy server on my gateway machine.

The problem is that guys can enter different proxy server addresses to bypass the proxy server. What is the solution? Below is one of the addresses they are using.

165.228.133.10 (IP), 3128 (port)

My iptables configuration contains two rules:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

I don't understand where it is letting them access the outside directly.

Any help will be appreciated.

Best regards,
mushtaq
AOA

Replace them with this to be more secure:

# Redirect LAN clients' connections to common web/proxy ports (except LAN-internal destinations) into the local Squid
iptables -t nat -A PREROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -m multiport --dports 80,81,82,83,84,85,8080,50000 -j REDIRECT --to-ports 3128
# Reject any of those ports that somehow get forwarded instead of redirected
iptables -A FORWARD -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -m multiport --dports 80,81,82,83,84,85,8080,50000 -j REJECT
# Masquerade only LAN traffic leaving on the external interface
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Asif Bakali!
Feel free to contact me (flames about my English and the uselessness of this driver will be redirected to /dev/null, oh no, it's full...).
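Why the remote proxy on port 3128 still gets through is easiest to see by walking the chains. The following is an added example, written for this thread and not code from any poster: a small Python model of nat/PREROUTING and FORWARD that applies first-match-wins semantics and the chain policy to a new TCP connection. It encodes mushtaq's original rule, abakali's replacement, and a third, assumed "default-deny" ruleset (FORWARD policy DROP plus a constructed allowlist of ports 53 and 443) that is not from the thread. Interface matching (-i eth1 / -o eth0) is folded into the "source is in the LAN" check, and the 192.168.0.5 client address is constructed.

```python
"""Added example (not code from the thread): a toy model of how the gateway's
iptables chains discussed in this thread treat a new TCP connection from the
LAN, so the effect of each ruleset can be checked offline without a root shell.

Model: nat/PREROUTING is consulted first; a REDIRECT verdict hands the packet
to the local Squid (it never reaches FORWARD). Otherwise FORWARD is walked,
first match wins, and the chain policy decides when nothing matches.
Interface matching (-i eth1 / -o eth0) is folded into the "source is LAN" check.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")                                # from the thread
PROXY_PORTS = frozenset({80, 81, 82, 83, 84, 85, 8080, 50000})    # abakali's multiport list
SQUID_PORT = 3128


@dataclass(frozen=True)
class Flow:
    src: str    # LAN client address
    dst: str    # destination host
    dport: int  # destination TCP port


@dataclass(frozen=True)
class Rule:
    target: str                        # "REDIRECT", "REJECT" or "ACCEPT"
    dports: frozenset = frozenset()    # empty set means "any port"
    dst_not_lan: bool = False          # models "! -d 192.168.0.0/24"

    def matches(self, f: Flow) -> bool:
        if ip_address(f.src) not in LAN:                 # -s 192.168.0.0/24
            return False
        if self.dports and f.dport not in self.dports:   # --dport / --dports
            return False
        if self.dst_not_lan and ip_address(f.dst) in LAN:
            return False
        return True


def walk(chain, policy, flow):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(flow):
            return rule.target
    return policy


def classify(flow, ruleset):
    """'PROXY' = redirected into Squid, 'BLOCKED' = rejected/dropped in FORWARD,
    'DIRECT' = forwarded to the Internet untouched (the bypass case)."""
    if walk(ruleset["nat_prerouting"], "ACCEPT", flow) == "REDIRECT":
        return "PROXY"
    verdict = walk(ruleset["forward"], ruleset["forward_policy"], flow)
    return "DIRECT" if verdict == "ACCEPT" else "BLOCKED"


def original_rules():
    """mushtaq's rules: only port 80 is redirected and FORWARD is wide open."""
    return {"nat_prerouting": [Rule("REDIRECT", frozenset({80}))],
            "forward": [], "forward_policy": "ACCEPT"}


def abakali_rules():
    """abakali's reply: redirect, and REJECT, a list of common proxy ports."""
    return {"nat_prerouting": [Rule("REDIRECT", PROXY_PORTS, dst_not_lan=True)],
            "forward": [Rule("REJECT", PROXY_PORTS, dst_not_lan=True)],
            "forward_policy": "ACCEPT"}


def default_deny_rules(allowed=frozenset({53, 443})):
    """Assumed hardening (not from the thread): same redirect, but FORWARD
    policy DROP with an explicit allowlist; `allowed` is a constructed example."""
    return {"nat_prerouting": [Rule("REDIRECT", PROXY_PORTS, dst_not_lan=True)],
            "forward": [Rule("ACCEPT", allowed, dst_not_lan=True)],
            "forward_policy": "DROP"}


if __name__ == "__main__":
    client, remote_proxy = "192.168.0.5", "165.228.133.10"  # client constructed; proxy from the thread
    rulesets = {"original": original_rules(), "abakali": abakali_rules(),
                "default-deny": default_deny_rules()}
    for port in (80, 8080, SQUID_PORT, 443):
        flow = Flow(client, remote_proxy, port)
        print(f"dport {port:>5}: " + ", ".join(f"{name}={classify(flow, rs)}"
                                              for name, rs in rulesets.items()))
```

Running it shows the gap: with both the original and the replacement rulesets a connection to 165.228.133.10:3128 is classified DIRECT, because 3128 is in neither the port-80 rule nor the multiport list, and the FORWARD policy is ACCEPT. Only the default-deny ruleset, which is what "limit their connections" amounts to in practice, blocks it, while still redirecting 80 and 8080 into Squid and letting the allowlisted 443 through. Any port-list approach leaves whatever port is not on the list open.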