
Hi to all,

I'm running a SquidProxy server via port 3128 on my Masquerade machine. I want
my Masquerade to work as a proxy server. How could I set an ipchains policy
in which only this service would be allowed (for security reasons) and
specified users should be permitted to connect to this port?

I've set these rules but it doesn't work fine:

Client_Lan_Interface="eth1"
Server_Lan_Interface="eth0"
Loopback_Interface="lo"
Client_Lan="192.168.1.0/24"
External_Interface_IP="203.87.157.2/32"
Internal_Interface_IP="192.168.1.254/32"
Any="0.0.0.0/0"
Unpriviledge="1024:65535"


#WWW Priviledge

pepebona="192.168.1.217/32"
irenem="192.168.1.154/32"
warehouse="192.168.1.127/32"
mikecarel="192.168.1.67/32"
APT_Dial_In="192.168.1.9/32"
/sbin/ipchains -P input   REJECT
/sbin/ipchains -P output  REJECT
/sbin/ipchains -P forward REJECT

/sbin/ipchains -A input -i $Loopback_Interface -j ACCEPT
/sbin/ipchains -A output -i $Loopback_Interface -j ACCEPT

#Proxy

/sbin/ipchains -A input -i $Client_Lan_Interface -p tcp -s $Internal_Interface_IP -d $Any -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p tcp -s $Any -d $Internal_Interface_IP -j ACCEPT
/sbin/ipchains -A input -i $Client_Lan_Interface -p tcp -s $External_Interface_IP -d $Any -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p tcp -s $Any -d $External_Interface_IP -j ACCEPT

#pepebona
/sbin/ipchains -A input -i $Client_Lan_Interface -p tcp -s $pepebona $Unpriviledge -d $Internal_Interface_IP 3128 -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p tcp -s $Internal_Interface_IP 3128 -d $pepebona $Unpriviledge -j ACCEPT

#All internal traffic is masqueraded internally
/sbin/ipchains -A forward -i $Client_Lan_Interface -s $Client_Lan -d $Any -j MASQ


Please help, I'm stuck here.

Mike
