
[Nufw-users] Re: nufw and squid


From: Eric Leblond
Subject: [Nufw-users] Re: nufw and squid
Date: Mon, 14 Nov 2005 23:19:37 +0100

Hi,

On Monday 14 November 2005 at 18:11 +0100, maria perez wrote:
> Hello Eric
> 
> I am sorry to annoy you again, but I have some problems configuring 
> iptables properly to work with squid and nufw, and maybe you can help.
> 
> According to your instructions to config nufw and squid, I want to redirect 
> the port 80 to the port 3128 in PREROUTING ( or in mangle table). In the 
> config of transparent squid without nufw I did redirect it in the OUTPUT 
> chain of nat table.

You should not change the rules in NAT. Do you mean you are using squid
on the same host? I don't get it ...

Could you send to the list an ASCII art of your config?


> Maybe I didn't understand you properly: I understood I have to put this rule 
> in PREROUTING of the nat table or in the mangle table.
> 
> I have been trying to config it but haven't achieved it, I have probed with:
> 
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
> 
> and other variants:
> 
> iptables -t nat -A PREROUTING -p tcp -s ! 192.168.1.29/24 --dport 80 -j REDIRECT --to-ports 3128
> 
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
> 
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT  --to 127.0.0.1:3128
> 
> 
>   I have read the REDIRECT option is not allowed in the mangle table.
>   How could I redirect the ports suitably? I don't know iptables in depth.
> 
> Thank you very much for your help Eric
> 
> Best Regards
>   Maria D.
> 
> 
> >From: Eric Leblond <address@hidden>
> >To: maria perez <address@hidden>
> >CC: address@hidden
> >Subject: Re: nufw and squid
> >Date: Fri, 11 Nov 2005 15:14:52 +0100
> >
> >On Friday 11 November 2005 at 10:47 +0100, maria perez wrote:
> > > Hello
> >
> > > The only users I have to check are the system users. In order to achieve
> > > this I have to configure nuauth to do authentication against PAM; then I
> > > think the module for ACLs must be plaintext (although I don't understand
> > > well what role ACLs fulfill if my ACLs are defined in the plugin squidguard).
> >
> >You need iptables/netfilter rules to select the flow that you want to
> >authenticate. Next, NuFW has to authorize the packet to go through. As
> >NuFW knows about users, we have to tell it which user can reach the
> >proxy. Thus, a storage for NuFW ACLs is needed.
> >In your case, you can have a dummy ACL which authorizes everything on port
> >80 for anybody. Squid will manage permissions afterward.
> >
> > > Is all correct?
> >
> >yes :-))
> >
> >BR,
> >
> >Eric
> >
> > >
> > > Kind regards
> > >    Maria
> > >
> > > >From: Eric Leblond <address@hidden>
> > > >To: maria perez <address@hidden>
> > > >CC: address@hidden
> > > >Subject: Re: [Nufw-users] nufw and squid
> > > >Date: Wed, 02 Nov 2005 11:54:53 +0100
> > > >
> > > > >On Wednesday 2 November 2005 at 10:46 +0100, maria perez wrote:
> > > > > > Hi,
> > > > > > I am new to this list.
> > > > > > I have discovered nufw while searching for solutions to my problem. I have
> > > > > > been working on a tool for paternal control of web use. We are using the
> > > > > > proxy squid for the content filter and we need to establish transparent
> > > > > > authentication for users at the same time as the proxy works in a
> > > > > > transparent manner.
> > > > > > I have read that nufw offers these capacities with the module
> > > > > > squid-nufw-helper. If I am not mistaken, with nufw it is possible for squid
> > > > > > to work as a transparent proxy and offer transparent authentication to the
> > > > > > system users.
> > > > > > The idea is that squid runs on the same host (like a local proxy), with
> > > > > > squidguard to filter the web traffic.
> > > > > > Have you any notice of a similar attempt?
> > > >
> > > > >Yes, it is a setup that we already thought of and I think some people
> > > > >have worked to achieve this.
> > > > >
> > > > > > How does nufw work with squid?
> > > > >
> > > > >You need to use the SQL database event storage and set up
> > > > >squid-nufw-helper.
> > > > >
> > > > > > Could you guide me in this direction?
> > > > >
> > > > >The main idea is that you have to put filtering rules in PREROUTING|mangle
> > > > >as the filtering needs to occur before the NAT is done.
> > > > >If you do filtering in FORWARD, the destination of the packet will be
> > > > >changed and the nufw client will send an erroneous packet.
> > > > >
> > > > > > Thank you in advance for your attention, and excuse my irregular
> > > > > > English.
> > > > >
> > > > >No problem, I'm not a native speaker either ;-)
> > > >
> > > >Don't hesitate to mail back if you need more details.
> > > >
> > > >BR,
> > > >--
> > > >Eric Leblond <address@hidden>
> > > >
> > >
> > >
> 
> 
> ><< signature.asc >>
> 
> 

Attachment: signature.asc
Description: This is a digitally signed message part
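
Added example, not part of the original message or of NuFW itself: a simplified Python model of the netfilter hook order behind the PREROUTING|mangle advice quoted in the thread. It assumes the client reports the connection tuple as it opened it and that authentication succeeds only when that tuple equals the packet seen at the filtering hook; all addresses are constructed.

```python
from dataclasses import dataclass, replace

GATEWAY = "192.0.2.1"   # constructed address of the firewall/squid host
SQUID_PORT = 3128

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def nat_prerouting(pkt: Packet) -> Packet:
    """Models: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128"""
    if pkt.dport == 80:
        # REDIRECT rewrites the destination to the local host and the given port.
        return replace(pkt, dst=GATEWAY, dport=SQUID_PORT)
    return pkt

def traverse(pkt: Packet) -> dict:
    """Return the packet as each hook sees it, in netfilter order for inbound traffic."""
    seen = {"mangle/PREROUTING": pkt}   # runs before any NAT rewrite
    pkt = nat_prerouting(pkt)
    # The routing decision is taken after nat/PREROUTING, on the rewritten destination.
    hook = "filter/INPUT" if pkt.dst == GATEWAY else "filter/FORWARD"
    seen[hook] = pkt
    return seen

def client_tuple(pkt: Packet) -> tuple:
    """What the user's client can report: the connection exactly as it opened it."""
    return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

def hooks_where_auth_matches(original: Packet) -> dict:
    """For each hook, does the packet seen there match the client's report?"""
    announced = client_tuple(original)
    return {hook: client_tuple(p) == announced
            for hook, p in traverse(original).items()}

if __name__ == "__main__":
    syn = Packet("192.0.2.50", 40000, "198.51.100.7", 80)   # constructed web request
    for hook, ok in hooks_where_auth_matches(syn).items():
        print(f"{hook:18} match={ok}")
```

For the port 80 request the tuples agree in mangle/PREROUTING and disagree at the later filter hook, because the destination has already become the gateway on port 3128.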

