iptables newbie: help with transparent proxy, ssl

joefish
Posts: 2
Joined: 2011/07/14 23:50:47

iptables newbie: help with transparent proxy, ssl

Post by joefish » 2011/08/07 12:39:05

I have a router box set up with eth0 as wan and eth1 as lan, and a basic firewall set up as so:

[code]#!/bin/bash

# Flush all current rules from iptables
iptables -F

# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Set access for localhost
iptables -A INPUT -i lo -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Pings
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW -j ACCEPT

# DHCP
iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

# Squid Proxy
iptables -A INPUT -p tcp --dport 3128 -m state --state NEW -j ACCEPT

# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Save settings
service iptables save[/code]

Squid is set up to work transparently. I can browse the web by putting the proxy setting in the browser, but not without. The rule I added to the above was:

[code]iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128[/code]

... but it doesn't seem to work.

I'm also stuck getting HTTPS browsing to work. I've tried various rule examples that I found by searching, but none of them seem to work; the result is an instant "Firefox can't find the server at https://..."

Thanks for your help.
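As an added example (not from the thread or either poster), here is a complete ruleset for the layout described above, written to run alongside the posted script rather than replace the thread's diagnosis. It assumes eth0 is WAN, eth1 is LAN, and Squid is listening on this box on port 3128 with `http_port 3128 intercept` in squid.conf (`transparent` on older Squid). Beyond the posted script it adds IP forwarding, FORWARD rules and MASQUERADE, which a router needs for any LAN traffic that is not intercepted (the clients' own DNS lookups, HTTPS, everything else); the REDIRECT only covers port 80, and port 443 is deliberately routed through NAT instead, because Squid cannot intercept TLS without a separate ssl-bump setup. Without `--apply` it only prints the commands it would run.

```bash
#!/bin/bash
# Router firewall with an intercepting Squid proxy for plain HTTP.
# Assumptions (not from the thread): eth0 = WAN, eth1 = LAN, Squid on this
# box listening on 3128 with "http_port 3128 intercept" in squid.conf.
# Default is a dry run that prints the commands; pass --apply to execute.

IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
ipt() { run "$IPT" "$@"; }

build_rules() {
    # The box must route between eth1 and eth0 for anything that is not
    # intercepted: the LAN clients' DNS lookups, HTTPS, everything else.
    run sysctl -w net.ipv4.ip_forward=1

    ipt -F
    ipt -t nat -F

    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT
    ipt -A INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
    # Redirected port-80 flows arrive on INPUT as traffic to 3128, so this
    # rule is what lets the REDIRECT below deliver them to Squid. Limiting
    # it to eth1 keeps the proxy unreachable from the WAN side.
    ipt -A INPUT -i eth1 -p tcp --dport 3128 -m state --state NEW -j ACCEPT

    # Plain HTTP from the LAN is diverted to Squid before routing.
    # Port 443 is not redirected: Squid cannot intercept TLS without a
    # separate ssl-bump setup, so HTTPS is forwarded through NAT instead.
    ipt -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

    # Forward everything else LAN -> WAN, and only reply traffic WAN -> LAN.
    ipt -A FORWARD -i eth1 -o eth0 -j ACCEPT
    ipt -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

main() {
    case "${1:-}" in
        --apply)
            DRY_RUN=0
            build_rules
            run service iptables save   # CentOS: persist across reboots
            ;;
        *)
            DRY_RUN=1
            build_rules
            ;;
    esac
}

main "$@"
```

Run it once without arguments to review the generated rule list, then as root with `--apply`. A quick check that the intercept path works is to watch the nat table counters with `iptables -t nat -L PREROUTING -v -n` while a LAN client fetches a plain http:// page: the REDIRECT rule's packet counter should increase, and Squid's access.log should show the request.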

yyagol
Posts: 1015
Joined: 2006/06/10 18:27:44
Location: 32 4′N 34 47′E

iptables newbie: help with transparent proxy, ssl

Post by yyagol » 2011/08/15 05:19:41

Can you post the squid configuration, please?
