Re: Urgent! Firewall and Proxy

Hi,

The network looks complicated. Why do you have the local machine connected
to two networks? Why not put the internal interface of the firewall at
192.168.1.1? Do you need 2 firewalls?

On Mon, 12 Mar 2001, XingFei wrote:

> Thank you for your quick reply.
> My situation can be illustrated as follows:
>                 |
>                 |                       eth0      eth1
> Internet---|---proxy-------Firewall------local machine
>                 |    server
>                 |
>                  -->Intranet
> 
> eth1: 192.168.1.1
> eth0: 129.249.178.50
> proxy server: 129.249.213.100     8080

What are the firewall IPs? Is this firewall under your control? You can do
it like this:

           129.249.213.100  192.168.1.1    192.168.1.x
internet ------firewall--------proxy------local-machine
                          |
                       intranet
                (rest of 192.168.x.x)

Allow only the proxy to access the internet through the firewall. Set the
proxy as the gateway to the localnet subnet so it receives port 80 requests
and passes them to the proxy on the same machine, which goes out through the
firewall. This way the proxy can be set up not to cache anything from
192.168.x.x.

> When local machines use no proxy, the rules as I have set them worked:
> those consultants can access only the given web site,
> but they cannot access the internet.
> So I told them to add the proxy, which is outside of the firewall but in
> the intranet, in their browser settings.
> And the HTTP proxy socket port is 8080, so I think that before an HTTP
> request reaches the proxy it must pass the check of my firewall.
> 
> But I am really not clear about whether the proxy setting has something
> to do with the source addr or destination addr in the IP package sent by
> the local machines.
> If it does not, what kind of thing happens after using the proxy?
> Could you please explain a little bit further for me?
> Thanks a lot

The proxy is simply caching the pages and supplying them when requested
to do so. It is not performing any network address translation in this
case. Since it allows all hosts, it is sending all cached pages to all who
request. Bring the proxy inside the 192.168.x.x network and disable
caching of the local network (or set up another proxy).

HTH, best wishes,
Indraneel

-- 
http://www.indialine.org
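
The layout suggested in this reply, sketched as iptables rules for the two boxes. This is an added example, not part of the original message: the use of iptables, the interface name, the /24 mask, the address assignments and a proxy that accepts transparently redirected requests are all assumptions.

```shell
#!/bin/sh
# Assumed values; adjust to the real network before use.
LAN_IF="${LAN_IF:-eth1}"              # proxy box interface facing the local machines
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # local subnet (mask assumed)
PROXY_IP="${PROXY_IP:-192.168.1.1}"   # proxy address as the firewall sees it
PROXY_PORT="${PROXY_PORT:-8080}"      # proxy port mentioned in the thread

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Proxy box, acting as default gateway for the local subnet.
proxy_rules() {
    # Port 80 traffic arriving from the LAN is handed to the local proxy.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
    # Accept redirected connections and browsers pointed at the proxy port.
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport "$PROXY_PORT" -j ACCEPT
    # Route nothing else onward: only the proxy process itself goes out.
    run iptables -A FORWARD -i "$LAN_IF" -j DROP
}

# Outer firewall: the proxy is the only inside host allowed out.
firewall_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The proxy needs name resolution and outbound HTTP, nothing more.
    run iptables -A FORWARD -s "$PROXY_IP" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -s "$PROXY_IP" -p tcp --dport 80 -j ACCEPT
}

# Usage: script.sh proxy|firewall   (dry run unless APPLY=1)
case "${1:-}" in
    proxy)    proxy_rules ;;
    firewall) firewall_rules ;;
esac
```

Local machines whose port 80 traffic is intercepted still have to resolve host names themselves, and the FORWARD drop on the proxy box blocks their DNS queries unless that box also answers DNS or the browsers are pointed at the proxy explicitly.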
