
Hello,

I'm a Linux newbie crossing over from the Windows world. I just set up a server with SUSE Linux 10.2, SQUID 2.6? (the newest), and DansGuardian for filtering. I'm trying to set up a second NIC for use with the DHCP Server which I've installed under YaST. The second NIC connects to a wireless AP which will assign IPs to various laptops which must be filtered. The laptops are getting an IP address, and can browse the web if I turn on 'masquerading' at the SUSE firewall. However, they are not filtered. I would like all web requests to forward to port 8080 of DansGuardian, but don't know how. I figured it should be in the 'masquerading' section of the SUSE firewall, but I can't get it to work. If I put in 10.0.0.150 - port 8080 under the proxy settings on the client, then browsing is filtered. So, everything is in place, but I don't want to enter the proxy settings and still have it filtered. In other words, all requests should forward to 8080.

Thanks for any help....

2007-03-08 12:33:17 · 2 answers · asked by TECH 5 in Computers & Internet Security

2 answers

Masquerading changes the internal IP requests from one network to another IP for routing on that other network. Typically this is used to allow internal IPs such as on a 10. net to access the internet as the external internet IP address.

Assuming that what you have is masq on the external NIC which has an internet IP and is directly connected to the internet, and that the internal net including the server, AP, and laptops is all on the same subnet (not masq'ing the AP connections of 10. to say 192.168. net on the Linux box and also masq'ing out to the internet), I would think you're interested in setting up transparent proxying so all internal PCs automatically get proxied without having to configure them independently, which also allows the possibility of someone just taking out the proxy settings and having unfiltered and/or uncached access.

In this case, what you want to do is set a firewall rule on the NIC that is attached to the AP which does a port redirect of all external HTTP requests (port 80) to the proxy port (8080 or 3128).

Hopefully the kernel is already compiled with the proper settings and you don't have to recompile the kernel. But recompiling isn't that bad. I usually recompile the default kernel on machines just to optimize it for the specific hardware it's running on even if everything needed is already compiled in.

See the following for details:
http://tldp.org/HOWTO/TransparentProxy.html
http://www-uxsup.csx.cam.ac.uk/pub/doc/suse/suse9.3/suselinux-adminguide_en/sec.squid.proxyconfigtrans.html

2007-03-09 12:35:39 · answer #1 · answered by Anonymous · 0 0
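
The port redirect described in answer #1, written out with plain iptables as an added example that is not part of the original answer. The interface name `eth1` for the NIC facing the AP is an assumption; the address 10.0.0.150 and port 8080 are the ones given in the question.

```shell
#!/bin/sh
# Added example: build the iptables rules for transparent HTTP filtering.
# Assumption (not from the post): eth1 is the NIC attached to the wireless AP.
# From the post: the filter listens on 10.0.0.150, port 8080.

# Print the rules, one iptables command per line; nothing is applied here.
build_redirect_rules() {
    lan_if=$1; proxy_ip=$2; proxy_port=$3

    # Accept only a plain interface name, IPv4-style address and port number,
    # so the generated lines are safe to hand to a shell.
    case $lan_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    case $proxy_ip in ''|*[!0-9.]*) echo "bad address" >&2; return 1;; esac
    case $proxy_port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    # 1. Leave web traffic addressed to the server itself alone.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp -d $proxy_ip --dport 80 -j ACCEPT"
    # 2. Send every other port-80 request arriving from the AP side to the filter.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
    # 3. Let the redirected connections reach the filter's port.
    echo "iptables -A INPUT -i $lan_if -p tcp --dport $proxy_port -j ACCEPT"
}

# Print the rules by default; run them only when APPLY=1 (needs root).
apply_redirect_rules() {
    rules=$(build_redirect_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r line; do $line || exit 1; done
    else
        echo "$rules"
    fi
}

apply_redirect_rules eth1 10.0.0.150 8080
```

These rules match TCP port 80 only, so HTTPS and HTTP on other ports are not sent to the filter. Review the printed rules before running with `APPLY=1`.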

Suse Firewall

2016-10-19 04:22:03 · answer #2 · answered by ? 4 · 0 0

fedest.com, questions and answers