Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => Linux Proxy Server Support => Topic started by: ilias on August 30, 2005, 06:45:59 AM
-
Hi all / Ricky
I have successfully configured a Squid transparent proxy using the tutorial on this forum. This happened 3 months back.
Now I am facing some problems. My squid server IP has been included in a black list stating someone is using my IP for spamming. So my clients are not able to send mails and browse certain servers.
Now what do I have to do, what security tuning has to be done? I am putting the transparent proxy script which I have written in rc.nat.
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward
and I have opened ssh port 22 for remote access. Do I need to block that?
If so, how can I enable it for a particular IP, say 61.9.89.2?
I need help desperately
-
You can only have a good firewall, and you should do some monitoring and check out what sort of applications are running on your network; you have to analyse that, then you will be able to decide the solution.
BTW.. for a firewall ... you can use firestarter! or create a firewall manually. You have asked something similar and I have answered it ---> Opening SSH port (http://www.linuxsolved.com/forums/ftopic1478.html)
-
Hi all
By using this forum a lot of newbies like me are learning and installing transparent proxy and reaping the benefits, without knowing the risk of outside attack. To avoid this we all must do something. Hope!!!!!!
As I have given my transparent proxy script, pls Ricky give some manual firewall script to protect my network; my ISP has given 2 days time to secure it or he will block my IP
-
My ISP is saying my proxy is an open proxy server. How to avoid this with my iptables commands?
-
Ilias.
First of all I want to tell you that your proxy is not an open proxy at all (if you have followed my tutorial). This is because in squid.conf we are only allowing our LAN to access and use it. So any request from the internet will not work...
Anyway, I can give you one line which can be enough for your current situation; add this to rc.nat.
Taking eth0 as your internet connection..
iptables -A INPUT -i eth0 -p tcp --syn -j DROP
The above rule will accept only those connections from the internet that are initiated by your computer. Which means if someone wants to access your proxy server then he will not be able to do so, as he has to first ask your computer (send a request) but your computer will ignore it, as this connection is not initiated by itself.
Hope you understand..
Say you want to open a single port like port 22! then you can do
iptables -A INPUT -i eth0 -p tcp --syn ! --destination-port 22 -j DROP
With the above, anyone can ask for the service available on port 22.
I want to tell you another rule by which you can disable any port for the internet yet keep it available to your LAN. Say we want to drop all incoming requests from the internet on port 3128; then we can do the following (considering eth0 as your internet)
iptables -A INPUT -p tcp --destination-port 3128 -i eth0 -j DROP
Hope now you have got an even better idea! :)
-
Thanks a ton Ricky once again
Using the link http://www.richard.zonnet.nl/cgi-bin/nph-proxycheck, I have screened my box. Pls go through it. And as per the output, what does the term 'filtered' mean?
Open proxy check
Checking your computer (x.x.x.x) for common open proxies... Please wait until the page is loaded
To check: hosts=1, proto:ports=63, host:proto:ports=63
x.x.x.x:ho:80: HTTP request refused or failed (403)
x.x.x.x:hu:80: HTTP request refused or failed (403)
x.x.x.x:hc:80: HTTP request refused or failed (403)
NumOpen=0(0) NRead=3992 Time=10
If 'NumOpen' is larger than 0 you have an open proxy. Please close it down as soon as possible.
If 'NumOpen' is 0 no proxy could be detected, we only test a few of the many possible ports.
Now scanning your computer for common open ports... Please wait until the page is loaded
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-09-01 08:12 CEST
Interesting ports on x.x.x.x (The 1639 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
103/tcp filtered gppitnp
111/tcp open rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1025/tcp filtered NFS-or-IIS
1080/tcp filtered socks
1241/tcp filtered nessus
1720/tcp filtered H.323/Q.931
3128/tcp filtered squid-http
4444/tcp filtered krb524
4899/tcp filtered radmin
5000/tcp filtered UPnP
6000/tcp open X11
6112/tcp filtered dtspc
6588/tcp filtered analogx
8080/tcp filtered http-proxy
10000/tcp open snet-sensor-mgmt
12345/tcp filtered NetBus
Nmap run completed -- 1 IP address (1 host up) scanned in 16.750 seconds
If you see open ports like 135, 137 and 445 your computer is potentially vulnerable.
-
BTW that test is showing that you don't have any open proxy server now, as NumOpen = 0.
I think filtered here means blocked or something, i.e. handled by the firewall.
-
So Ricky, I have noticed that, and conveyed it to my ISP. And I am searching for what this "filtered" means. It shows some ports filtered; how to close those ports? I have written this iptables command in rc.nat, but it still shows filtered.
iptables -A INPUT -p tcp -i eth0 --dport 4899 -j ACCEPT
-
Whatever you want to drop from the internet (eth0 in your case), you can use the following rule per port.
iptables -A INPUT -p tcp -i eth0 --dport 6588 -j DROP
Replace 6588 with any port you want.
-
BTW.. I think filtered means blocked, because in our rule we are not even replying to the request, so when there is no reply to their request their computer knows that the ports are being filtered, i.e. are firewalled.
-
Dear Ilias and Ricky
I have read your explanation about the firewall on the proxy, but I have some questions and need you to show me more clearly. I want to know how to block ports from outside that want to log in to our server, and how to monitor and control all the ports that we access. One thing I hear from my friends here: they talk about a firewall that they make by themselves, so can you tell me, if I use the scripts you showed me on the forum, should I install a firewall or not? And if I install one, can you tell me the package to install it. Thank you for your help all the time when I need you to help me. About my transparent proxy, it is working fine, but about the port that I asked you about before, now I use two ways. I use the script
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 : for surfing the internet
and I use MASQUERADE for surfing ports like I asked you about before, 8080 or 32000 ........ it is working fine
....................Wish you good luck. Oh, if you want to visit Cambodia please contact me, I will show you the best views in Cambodia ...............................................
Best Regards
Sothy.Sorn
-
Hi Ricky
As per my request, the iptables commands which you gave work best for me
iptables -A INPUT -i eth0 -p tcp --syn -j DROP
iptables -A INPUT -p tcp --destination-port 3128 -i eth0 -j DROP
Now outside requests are not allowed into my network.
But I want to allow one public IP (head office) for certain ports. I have given the command
iptables -A INPUT -s x.x.x.x -j ACCEPT
but it doesn't work. pls help
-
@Ilias!
You have to give that rule before the rejecting and dropping rules.
Also you can specify the ports to be allowed.
iptables -A INPUT -s x.x.x.x -p tcp --dport <port> -j ACCEPT
@Sothy
I will answer you shortly.
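As an added example that is not from the thread, here is Ricky's advice assembled into one rc.nat-style script: the per-host ACCEPT rules are appended before the catch-all SYN DROP, the proxy port is dropped for the internet, and ilias's original NAT lines follow. The head-office address and its port list are constructed placeholders; eth0/eth1 and the ssh address 61.9.89.2 are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: Ricky's rules plus ilias's original
# rc.nat, assembled in the order iptables needs (first match wins, so the
# ACCEPT exceptions must be appended before the catch-all SYN DROP).
IPT="${IPT:-iptables}"        # set IPT=dry_run to print rules instead of loading them
dry_run() { printf '%s\n' "$*"; }

WAN=eth0                      # internet-facing interface, as in the thread
LAN=eth1                      # LAN interface, as in the thread
ADMIN_IP=61.9.89.2            # the address ilias wants to allow for ssh
HEAD_OFFICE=203.0.113.10      # constructed placeholder for the head-office public IP
OFFICE_PORTS="22 3128"        # ports the head office may reach (assumption)

firewall_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    # Exceptions first: named hosts may open these ports from the internet.
    for p in $OFFICE_PORTS; do
        $IPT -A INPUT -i "$WAN" -s "$HEAD_OFFICE" -p tcp --dport "$p" -j ACCEPT
    done
    $IPT -A INPUT -i "$WAN" -s "$ADMIN_IP" -p tcp --dport 22 -j ACCEPT
    # Nobody else on the internet may reach the proxy port...
    $IPT -A INPUT -i "$WAN" -p tcp --dport 3128 -j DROP
    # ...or open any new TCP connection. Replies to connections this box
    # started are not SYN packets, so they still pass.
    $IPT -A INPUT -i "$WAN" -p tcp --syn -j DROP
    # Transparent proxy and NAT, as in the original rc.nat.
    $IPT -t nat -A PREROUTING -i "$LAN" -p tcp --dport 80 -j REDIRECT --to-port 3128
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    $IPT -A FORWARD -i "$LAN" -j ACCEPT
}

# Number of rules the script would load (dry run, no root needed).
rule_count() { ( IPT=dry_run; firewall_rules ) | wc -l | tr -d ' '; }

# Succeeds only if every INPUT ACCEPT precedes the SYN DROP (the ordering
# mistake from the thread would make this fail).
check_order() {
    ( IPT=dry_run; firewall_rules ) | awk '
        /-A INPUT/ && /--syn -j DROP/ { drop_seen = 1 }
        /-A INPUT/ && /-j ACCEPT/     { if (drop_seen) bad = 1; else accepts++ }
        END { exit (bad || accepts != 4) ? 1 : 0 }'
}

case "${1:-}" in
    show)  ( IPT=dry_run; firewall_rules ) ;;   # print the rules
    apply) firewall_rules ;;                    # load them (run as root from rc.nat)
esac
```

Run it with `show` to review the rules before loading them with `apply`. As with Ricky's rules it only covers TCP, so UDP services need their own `-p udp` rules.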
-
tks Ricky,
I will try it and let you know, as I have to visit my head office.
-
Sothy
Thanks for your invitation :)
Anyway,
If I am getting it right then you are asking about a firewall in a transparent proxy setup?
You can use various methods: you can use software like "firestarter" or create your own firewall using iptables.
In iptables we basically think about what might be a potential way for our security to be compromised and we protect that part. So here our proxy is running on port 3128, so to stop people discovering our proxy (say our internet is eth0) we simply drop requests from the internet for 3128.
iptables -A INPUT -p tcp --destination-port 3128 -i eth0 -j DROP
This way you can safeguard many ports; for udp, replace -p tcp with -p udp.
There are many other things which you can use. I suggest you better go to www.netfilter.org and download a good tutorial for it.
We then put all those rules in a file which we execute, mostly on startup...