Re: [Linux-ag] Squid (package squid is not installed) (transparent proxy + firew

---------


From: cem es (cem_es@hotmail.com)
Date: Fri 15 Oct 2004 - 14:38:53 EEST


Mr. Devrim, thank you very much for your advice.

I reinstalled Squid from the RPM, and it is now working as a standalone proxy,
but pages open more slowly than normal; that is my first problem. (The
computer Squid runs on is a Pentium II with 256 RAM.)

The second is that when I add the line below to the firewall I built with
iptables, it does not work as a transparent proxy; clients get the
"Cannot find server or DNS Error" error.
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128
When I run that line on its own, it also works as a transparent proxy.

My firewall script is below; I would be very grateful if you could help.

# Disable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

DMZ_IP_NET='192.168.2.1/24'
DMZ_NIC='eth0'

WAN_IP='212.174......'
WAN_NIC='eth1'

LAN_IP_NET='192.168.0.1/24'
LAN_NIC='eth2'

# load some modules (if needed)
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# enable Masquerade and forwarding for DMZ Network
iptables -t nat -A POSTROUTING -s $DMZ_IP_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE

iptables -A FORWARD -j ACCEPT -i $DMZ_NIC -s $DMZ_IP_NET
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports on router for server/services
iptables -A INPUT -j ACCEPT -p tcp --dport 80 #HTTP
iptables -A INPUT -j ACCEPT -p tcp --dport 3389 #TS
iptables -A INPUT -j ACCEPT -p tcp --dport 21 #FTP
iptables -A INPUT -j ACCEPT -p tcp --dport 22 #SSH

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports to server on DMZ
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -A FORWARD -j ACCEPT -p tcp --dport 3389
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.200:80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3389 -j DNAT --to 192.168.2.200:3389
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.2.200:21

iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.230:3128


_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag
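
The message above reports that the REDIRECT rule works on its own but not together with the firewall script. As an added example (not part of the original message or of any reply on the list), this shell model walks a new connection through nat PREROUTING and then filter INPUT using rule text copied from the post; the matcher, the function name verdict and CANDIDATE_RULE are assumptions made for illustration.

```shell
# Added example: models a NEW TCP packet crossing nat/PREROUTING, then filter/INPUT.
# The matcher understands only -A, -P INPUT, -i, --dport, --state, -j and --to.

# Rules copied from the posted script plus the REDIRECT line quoted in the message.
POSTED_RULES='-P INPUT DROP
-t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to 3128
-A INPUT -j ACCEPT -p tcp --dport 80
-A INPUT -j ACCEPT -p tcp --dport 3389
-A INPUT -j ACCEPT -p tcp --dport 21
-A INPUT -j ACCEPT -p tcp --dport 22
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

# Assumed addition (not in the post): admit the proxy port from the LAN NIC only.
CANDIDATE_RULE='-A INPUT -i eth2 -p tcp --dport 3128 -j ACCEPT'

# verdict RULES IFACE DPORT -> prints "<dport seen by INPUT> <ACCEPT|DROP>"
verdict() (
    rules=$1 iface=$2 dport=$3 state=NEW policy=ACCEPT out=
    for pass in PREROUTING INPUT; do      # nat PREROUTING runs before filter INPUT
        while read -r line; do
            [ -n "$line" ] || continue
            set -- $line
            chain= r_if= r_port= r_state= target= to=
            while [ $# -gt 0 ]; do
                case $1 in
                    -A) chain=$2; shift ;;
                    -P) [ "$2" = INPUT ] && policy=$3; shift 2 ;;
                    -i) r_if=$2; shift ;;
                    --dport) r_port=$2; shift ;;
                    --state) r_state=$2; shift ;;
                    -j) target=$2; shift ;;
                    --to|--to-ports) to=$2; shift ;;
                esac
                shift
            done
            [ "$chain" = "$pass" ] || continue
            [ -z "$r_if" ] || [ "$r_if" = "$iface" ] || continue
            [ -z "$r_port" ] || [ "$r_port" = "$dport" ] || continue
            case ",${r_state:-$state}," in *",$state,"*) ;; *) continue ;; esac
            if [ "$target" = REDIRECT ]; then dport=$to; else out=$target; fi
            break                          # first matching rule decides
        done <<EOF
$rules
EOF
    done
    echo "$dport ${out:-$policy}"
)
verdict "$POSTED_RULES" eth2 80            # 3128 DROP
```

With the posted rules the redirected packet reaches INPUT with destination port 3128, which none of the ACCEPT rules cover, so the DROP policy applies. Appending CANDIDATE_RULE changes the verdict to ACCEPT for eth2 while port 3128 stays closed on eth1.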



---------

This archive was generated by hypermail 2.1.2.