[Firehol-support] Transparent Proxy help

James Bean james at hdcs.com.au
Wed Dec 3 09:20:06 GMT 2003


Hi,
 
What I am trying to accomplish is to deny access to the internet from
certain users and enable it for others, but the transparent proxy doesn't
seem to be working.
 
My firehol.conf is as follows:
 
--------------------------------------------
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be sent through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
 
# Require release 5 of FireHOL configuration directives
version 5
 
# Internal Network IP Address
lan_ips="192.168.69.0/24"
accepted_ips="`cat /etc/firehol/ips.txt | grep -v '^#'`"
 
# Transparent Proxy
transparent_squid 8080 "squid root" inface eth0 src "${lan_ips}"
 
# My LAN. Everything is allowed here.
interface eth0 lan src "${lan_ips}"
        server  dns     accept
        server  squid   accept
        server  ssh     accept
        server  http    accept
        server  ftp     accept
        server  smtp    accept
        server  dhcp    accept
        policy  reject
 
interface eth1 internet src not "${lan_ips} ${UNROUTABLE_IPS}"
        protection      strong  10/sec 10
        server  ssh     accept
        server  http    accept
        server  ident   reject with tcp-reset
        client  all     accept
 
router internet2lan inface eth1 outface eth0
        masquerade      reverse
        client  all     accept src "${accepted_ips}"
        server  ident   reject with tcp-reset
-----------------------------------
 
ips.txt is as follows
 
192.168.69.1
192.168.69.5
192.168.69.69
192.168.69.205
 
But I need the other machines in the network to receive their DHCP from
the box; their IP just won't be allowed at the router rule.
 
At the moment that seems to be working, except the transparent proxy
doesn't seem to be working correctly. If I do the rules manually with a
plain iptables set of rules it works with no problems, so I seem to have
something wrong in the firehol configuration.
 
Any help would be very much appreciated.
 
J