Re: [help] setting up firewall policy for transparent (single-homed host) proxy

On Sun, Mar 16, 2008 at 4:18 PM, Rachmat Hidayat Al Anshar
<rachmat_hidayat_03@xxxxxxxxx> wrote:
>
>  Hi Indunil :)
>
>  First of all, thanks a zillion for your help before.
>  I implemented your suggested rules, and
>  it's working, my squid box became transparent ;-)
>
>  Um, but there is some other problem disturbing
>  me here. Those rules work for HTTP traffic;
>  in fact, I have to redirect FTP traffic also.
>  Could you do me a favor and solve this?!?! Are there
>  any added rules that I have to issue for
>  this FTP traffic redirection, or what?

Squid is NOT an FTP proxy. If you use OpenBSD's PF, it has rules for an
FTP proxy, since ftp-proxy runs on localhost.
But in Linux, I do not know of such a thing. So you will have to add the
iptables rules below to access FTP sites from clients.

I assume your client network is 192.168.0.0/24 and the external IP is
1.2.3.4 (the IP that connects to the ISP router).


# load the FTP connection-tracking and NAT helpers so the data
# connections of active/passive FTP are followed through the NAT
/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp

# let replies and helper-tracked related connections through
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow the FTP control connection from the client network
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
# rewrite the client addresses to the external IP on the way out
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to-source 1.2.3.4


>
>  I couldn't really understand these lines
>  of rules:
>
> > iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

The above rule marks packets destined to port 80 with the value 3,
but before routing. That is why it says PREROUTING.

>  > ip rule add fwmark 3 table 2

Then, those packets marked with the value 3 are added to a table called 2.

That's it.


-- 
Thank you
Indunil Jayasooriya
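The complete rule set behind the reply above, as an added example that is not part of the thread: one function renders the fwmark/ip-rule policy routing for port 80 together with the FTP helper and SNAT rules, and a second set of functions cross-checks a saved ruleset for the most common slip in this setup, a MARK value that does not match the fwmark in `ip rule`. The squid host address (192.168.0.2), the exemption rule that keeps squid's own fetches from being marked and routed back to itself, the `ip route ... table 2` default route, and the `iptables-save` / `ip rule show` sample outputs are all assumptions or constructed data, not taken from the thread.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread. Renders the rule set for a
# fwmark-based transparent proxy plus the FTP helper/SNAT rules, and checks a
# saved ruleset for a MARK value that disagrees with the ip rule's fwmark.
# Every address, interface and the squid host address below is an ASSUMED
# placeholder; adjust to the real network.
LAN_NET="${LAN_NET:-192.168.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-1.2.3.4}"
SQUID_IP="${SQUID_IP:-192.168.0.2}"   # assumed: the single-homed squid host
MARK="${MARK:-3}"
TABLE="${TABLE:-2}"

# Print the commands instead of executing them, so they can be reviewed and
# then applied by root with:  ./this-script.sh | sh
gen_rules() {
    cat <<EOF
/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp
# squid's own outgoing port-80 fetches must not be marked, or they loop back
iptables -t mangle -A PREROUTING -s $SQUID_IP -j ACCEPT
iptables -t mangle -A PREROUTING -s $LAN_NET -p tcp --dport 80 -j MARK --set-mark $MARK
# marked packets consult table $TABLE, whose only route points at squid (assumed)
ip rule add fwmark $MARK table $TABLE
ip route add default via $SQUID_IP table $TABLE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $LAN_NET --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
EOF
}

# Normalise a mark as printed by iptables-save ("0x3/0xffffffff" or "0x3")
# or by ip rule ("0x3") to a plain decimal number.
mark_to_dec() {
    m="${1%%/*}"
    printf '%d\n' "$(( $m ))"
}

# mark_in_save SAVE_TEXT -> mark value set on the port-80 PREROUTING rule
mark_in_save() {
    printf '%s\n' "$1" |
        sed -n 's/.*-A PREROUTING .*--dport 80 .*--set-x\{0,1\}mark \([^ ]*\).*/\1/p' |
        head -n 1
}

# fwmark_in_rules RULE_TEXT TABLE -> fwmark of the ip rule that selects TABLE
fwmark_in_rules() {
    printf '%s\n' "$1" |
        sed -n "s/.*fwmark \([^ ]*\) lookup $2\$/\1/p" |
        head -n 1
}

# marks_consistent SAVE_TEXT RULE_TEXT TABLE -> success if both marks agree
marks_consistent() {
    a="$(mark_in_save "$1")"
    b="$(fwmark_in_rules "$2" "$3")"
    if [ -z "$a" ] || [ -z "$b" ]; then
        return 1
    fi
    [ "$(mark_to_dec "$a")" -eq "$(mark_to_dec "$b")" ]
}

# Constructed sample output of "iptables-save -t mangle" and "ip rule show"
# for a correctly configured router (not captured from a real host).
SAMPLE_SAVE='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.2/32 -j ACCEPT
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff
COMMIT'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x3 lookup 2
32766: from all lookup main
32767: from all lookup default'
# Constructed misconfiguration: the ip rule matches fwmark 4 while iptables sets 3.
SAMPLE_RULES_BAD='32765: from all fwmark 0x4 lookup 2
32766: from all lookup main'

if [ "${1:-}" = "check" ]; then
    if marks_consistent "$SAMPLE_SAVE" "$SAMPLE_RULES" "$TABLE"; then
        echo "MARK value and ip rule fwmark agree"
    else
        echo "MISMATCH between MARK value and ip rule fwmark" >&2
    fi
else
    gen_rules
fi
```

Run it without arguments to print the rules for review; on a live router the same checks can be fed the real output of `iptables-save -t mangle` and `ip rule show` in place of the constructed samples.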
