[linux-network] transparent proxy and iptables

---------

From: koray@nsswb.com
Date: Tue 17 Feb 2004 - 14:49:24 EST


    Hello,
    my problem is this:
    I cannot get the transparent proxy to work at all.
    (it works normally as a plain proxy)

    The rules I wrote with iptables are these:

    -------------------------------------------
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -N block
    iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A block -m state --state NEW -i ! $IntIF -j ACCEPT
    iptables -A block -s 127.0.0.1 -j ACCEPT
    iptables -A block -d $IntIP -p tcp --destination-port $SQUID -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -s 10.0.0.0/24 --dport 80 -j DNAT --to 127.0.0.1:3128
    iptables -A block -i $IntIF -p udp --destination-port 53 -j ACCEPT
    iptables -A block -j DROP
    iptables -A INPUT -j block
    iptables -A FORWARD -j block

    (the external Ethernet is behind a modem that does masquerading, so I did not make it masquerade again)
    -----------------------------------------------------------------

    And squid.conf is as follows:

    ------------------------------------------

    http_port 3128

    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    cache_mem 128 MB

    maximum_object_size 4096 KB
    minimum_object_size 0 KB

    cache_dir ufs /var/spool/squid 2048 16 256

    acl all src 0.0.0.0/0.0.0.0
    # acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl local src 10.0.0.0/255.255.255.0
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    #acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    #acl Safe_ports port 70 # gopher
    #acl Safe_ports port 210 # wais
    #acl Safe_ports port 1025-65535 # unregistered ports
    #acl Safe_ports port 280 # http-mgmt
    #acl Safe_ports port 488 # gss-http
    #acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT

    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access allow local

    icp_access allow all

    httpd_accel_host virtual
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    httpd_accel_port 80
    httpd_accel_single_host off

    -------------------------------------------------

    Where am I going wrong?

    Thank you

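An added check, not part of the post: a small Python audit that parses the iptables lines above (with the shell variables replaced by assumed sample values) and flags what a reviewer would look at first in this setup, the PREROUTING DNAT to 127.0.0.1, the filter ACCEPT keyed to $IntIP that no longer matches the rewritten destination, and the rule that accepts every NEW connection arriving on a non-internal interface.

```python
import shlex

ALIASES = {"--destination-port": "--dport", "--to-destination": "--to"}

def parse_rule(line):
    """Parse one 'iptables ...' line into {option: value}; bare flags map to True."""
    toks = shlex.split(line)
    if len(toks) < 2 or toks[0] != "iptables":
        return None
    rule, i = {"-t": "filter"}, 1
    while i < len(toks):
        opt, rest = ALIASES.get(toks[i], toks[i]), toks[i + 1:i + 3]
        if rest and rest[0] == "!":                 # legacy negation form only: '-i ! eth1'
            rule[opt], i = ("!", rest[1]), i + 3
        elif rest and not rest[0].startswith("-"):
            rule[opt], i = rest[0], i + 2
        else:
            rule[opt], i = True, i + 1
    return rule

def audit(lines):
    """Return findings for a list of iptables command lines (chain jumps are not modelled)."""
    rules = [r for r in map(parse_rule, lines) if r and "-A" in r]
    found = []
    for r in rules:
        if r["-t"] == "nat" and r.get("-j") == "DNAT":
            dst, _, port = str(r.get("--to", "")).partition(":")
            if dst.startswith("127."):   # 127/8 is a martian destination from another interface
                found.append(f"DNAT to loopback ({r['--to']}) in {r['-A']}: dropped unless "
                             f"route_localnet=1; use '-j REDIRECT --to-ports {port}' instead")
            # The filter table sees the post-NAT destination, so an ACCEPT keyed to $IntIP never matches.
            acc = [f for f in rules if f["-t"] == "filter" and f.get("-j") == "ACCEPT"
                   and f.get("--dport") == port and "-d" in f]
            if acc and not any(f["-d"].startswith(dst) for f in acc):
                found.append(f"ACCEPT for port {port} matches -d {acc[0]['-d']}, but after DNAT "
                             f"the destination is {dst}; the request falls through to DROP")
        elif r.get("-j") == "ACCEPT" and r.get("--state") == "NEW" and isinstance(r.get("-i"), tuple):
            found.append(f"chain {r['-A']} accepts every NEW connection on any interface except "
                         f"{r['-i'][1]}: the external side is left open")
    return found

# Constructed sample: the post's rules with its shell variables filled in with assumed
# values (IntIF=eth1, IntIP=10.0.0.1, SQUID=3128).
SAMPLE = """\
iptables -A block -m state --state NEW -i ! eth1 -j ACCEPT
iptables -A block -s 127.0.0.1 -j ACCEPT
iptables -A block -d 10.0.0.1 -p tcp --destination-port 3128 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -s 10.0.0.0/24 --dport 80 -j DNAT --to 127.0.0.1:3128
iptables -A block -j DROP
""".splitlines()
```

Run `audit(SAMPLE)` to get the three findings as strings; a rule set using `-j REDIRECT --to-ports 3128` limited with `-i` to the internal interface produces none.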


    ---------

    This archive was generated by hypermail 2.1.6.