On Fri, 10 Sep 2004 at 07:36, Manikandan wrote:
> Hi all,
>
> I have a local LAN (10.35.50.0/24) which is connected to my linux
> firewall/gateway running iptables for internet access using an internet
> link. My LAN is connected to other subnets using a leased line.
>
> I had to add a few routes in my linux gateway (running iptables) to enable
> my LAN clients to access servers in other subnets and networks which are in
> the range of 10.0.0.0/8 and 97.0.0.0/8.
>
> Everything seems to be working fine. But recently I found that one of my LAN
> clients is running an Analog proxy. A few users sitting in other networks are
> using this proxy and are able to access the internet.
>
> My firewall is configured to allow traffic to the internet from the LAN only
> (10.35.50.0/24). As the proxy is inside this network, the firewall allows the
> traffic.
>
> How do I stop this? I don't want users in other networks to access the internet
> through my iptables. Please help me. Thanks in advance.

You could look at your logs and find the port analog is using. If it's not a port you want to have opened then you should close it in the firewall. If it's a port you need, let's say port 80, then it's a little more complicated. You could use some kind of application proxy to stop people from using these kinds of applications.

> Regards,
>
> Manikandan

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
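One way to act on the suggestion to check the logs, as an added example that is not part of the original messages: it counts new TCP connections from outside 10.35.50.0/24 to hosts inside it, per destination host and port, so the port the proxy listens on stands out. It assumes the gateway has an iptables LOG rule on forwarded traffic and that traffic from the other subnets crosses the gateway; the log lines, host addresses and port numbers below are constructed and abridged.

```shell
#!/bin/sh
# Added example. LAN prefix taken from the post (10.35.50.0/24); because it is
# a /24, a plain string-prefix match is enough to test LAN membership.
LAN_PREFIX="10.35.50."

# Reads iptables LOG lines on stdin and prints "count dst_host dst_port" for
# TCP SYN packets whose source is outside the LAN and destination inside it.
foreign_to_lan() {
    awk -v lan="$LAN_PREFIX" '
    {
        src = dst = dpt = proto = ""; syn = ack = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i == "SYN")    syn   = 1
            else if ($i == "ACK")    ack   = 1
        }
        if (proto != "TCP" || dpt == "") next   # only TCP with a port
        if (!syn || ack) next                   # only connection attempts
        if (index(src, lan) == 1) next          # source is a LAN client
        if (index(dst, lan) != 1) next          # destination is not on the LAN
        hits[dst " " dpt]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2,3
}

# Constructed, abridged sample in the kernel LOG format (prefix "FWD:" is hypothetical).
sample_log() {
cat <<'EOF'
Sep 10 07:12:01 gw kernel: FWD: IN=eth1 OUT=eth1 SRC=10.40.1.23 DST=10.35.50.17 LEN=60 TTL=62 PROTO=TCP SPT=40112 DPT=8080 SYN URGP=0
Sep 10 07:12:04 gw kernel: FWD: IN=eth1 OUT=eth1 SRC=97.12.4.9 DST=10.35.50.17 LEN=60 TTL=61 PROTO=TCP SPT=51200 DPT=8080 SYN URGP=0
Sep 10 07:12:09 gw kernel: FWD: IN=eth1 OUT=eth1 SRC=10.40.1.23 DST=10.35.50.17 LEN=60 TTL=62 PROTO=TCP SPT=40113 DPT=8080 SYN URGP=0
Sep 10 07:12:10 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=10.35.50.22 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=33010 DPT=80 SYN URGP=0
Sep 10 07:12:15 gw kernel: FWD: IN=eth1 OUT=eth1 SRC=10.41.7.5 DST=10.35.50.30 LEN=60 TTL=62 PROTO=TCP SPT=45001 DPT=22 SYN URGP=0
Sep 10 07:12:16 gw kernel: FWD: IN=eth1 OUT=eth1 SRC=10.40.1.23 DST=10.35.50.17 LEN=52 TTL=62 PROTO=TCP SPT=40112 DPT=8080 ACK PSH URGP=0
EOF
}

sample_log | foreign_to_lan
```

On a real gateway, feed the function the kernel log instead of `sample_log`; the host and port at the top of the output are the ones to review against the firewall policy.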