Table of Contents
Advertisement
Example 41.1 Firewall Configuration: Option 15
# 15.)
# Which accesses to services should be redirected to a local port
# on the firewall machine?
#
# This can be used to force all internal users to surf via your
# Squid proxy, or transparently redirect incoming Web traffic to
# a secure Web server.
#
# Choice: leave empty or use the following explained syntax of
# redirecting rules, separated with spaces.
# A redirecting rule consists of 1) source IP/net,
# 2) destination IP/net, 3) original destination port and
# 4) local port to redirect the traffic to, separated by a colon,
# e.g. "10.0.0.0/8,0/0,80,3128 0/0,172.20.1.1,80,8080"
The comments above show the syntax to follow. First, enter the IP address and the
netmask of the internal networks accessing the proxy firewall. Second, enter the IP
address and the netmask to which these clients send their requests. In the case of Web
browsers, specify the networks 0/0, a wild card that means "to everywhere." After
that, enter the original port to which these requests are sent and, finally, the port to
which all these requests are redirected. Because Squid supports protocols other than
HTTP, redirect requests from other ports to the proxy, such as FTP (port 21), HTTPS,
or SSL (port 443). In this example, Web services (port 80) are redirected to the proxy
port (port 3128). If there are more networks or services to add, they must be separated
by a blank space in the respective entry.
FW_REDIRECT_TCP="192.168.0.0/16,0/0,80,3128 192.168.0.0/16,0/0,21,3128"
FW_REDIRECT_UDP="192.168.0.0/16,0/0,80,3128 192.168.0.0/16,0/0,21,3128"
To start the firewall and the new configuration with it, change an entry in the /etc/
sysconfig/SuSEfirewall2 file. The entry START_FW must be set to "yes".
Start Squid as shown in
Section 41.3, "Starting Squid"
(page 783). To check if everything
is working properly, check the Squid logs in /var/log/squid/access.log.
To verify that all ports are correctly configured, perform a port scan on the machine
from any computer outside your network. Only the Web services (port 80) should be
open. To scan the ports with nmap, the command syntax is nmap -O IP_address.
The Proxy Server Squid
793
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
Related Products for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
- NOVELL BUSINESS CONTINUITY CLUSTERING FOR NETWARE 1.1 - ADMINISTRATION
- NOVELL BUSINESS CONTINUITY CLUSTERING 1.1 SP2 - ADMINISTRATION
- NOVELL LINUX ENTERPRISE 11 - HIGH AVAILABILITY
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE
- NOVELL LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION 11-12-2006
- NOVELL LINUX ENTERPRISE 11 SP1 - LINUX AUDIT
- Novell LINUX ENTERPRISE SERVER 11 SUSE
- NOVELL DATA SYNCHRONIZER - UPDATE 1
- NOVELL LINUX ENTERPRISE SERVER 10 SP1 - ARCHITECTURE-SPECIFIC INFORMATION 15-03-2007
- NOVELL LINUX ENTERPRISE SERVER 10 SP3 - ARCHITECTURE-SPECIFIC
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - COMMAND LINE UTILITIES REFERENCE 10.3 30-03-2010
- NOVELL APPARMOR 1.2 - QUICK GUIDE AND
- NOVELL APPARMOR 1.2
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 9.3 - ADMINISTRATION 10-2007
- Novell SUSE LINUX ENTERPRISE DESKTOP 10 SP1 KDE