LAN Proxy - iptables gateway

Jose Maria Lopez jkerouac at bgsec.com
Fri Sep 10 18:37:51 CEST 2004


On Fri, 10 Sep 2004 at 07:36, Manikandan wrote:
> Hi all,
> 
> I have a local LAN (10.35.50.0/24) which is connected to my Linux
> firewall/gateway running iptables for internet access using an internet
> link. My LAN is connected to other subnets using a leased line.
> 
> I had to add a few routes in my Linux gateway (running iptables) to enable
> my LAN clients to access servers in other subnets and networks which are in
> the range of 10.0.0.0/8 and 97.0.0.0/8.
> 
> Everything seems to be working fine. But recently I found that one of my LAN
> clients is running an Analog proxy. A few users sitting in other networks are
> using this proxy and are able to access the internet.
> 
> My firewall is configured to allow traffic to the internet from the LAN only
> (10.35.50.0/24). As the proxy is inside this network, the firewall allows the
> traffic.
> 
> How do I stop this? I don't want users in other networks to access the internet
> through my iptables. Please help me. Thanks in advance.
> 

You could look at your logs and find the port Analog is using. If it's
not a port you want to have opened then you should close it in the
firewall. If it's a port you need, let's say port 80, then it's a little
more complicated. You could use some kind of application proxy to stop
people from using these kinds of applications.

> 
> Regards,
> 
> Manikandan
> 
>  
-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
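
The log check suggested in the reply above, as an added example that is not part of the original post or of either author's setup: it scans netfilter LOG lines for new TCP connections from outside 10.35.50.0/24 to a LAN host and prints a candidate FORWARD rule for each listener found. It assumes the gateway already logs forwarded packets and that traffic from the other subnets to the LAN crosses the gateway; the log prefix, interface names, port 8080 and all addresses in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("10.35.50.0/24")  # LAN range given in the post

# Constructed, abbreviated lines in the kernel's netfilter LOG format (not real logs).
SAMPLE_LOG = """\
Sep 10 07:01:12 gw kernel: FWD: IN=eth2 OUT=eth1 SRC=10.40.1.7 DST=10.35.50.23 LEN=60 PROTO=TCP SPT=40122 DPT=8080 SYN
Sep 10 07:01:15 gw kernel: FWD: IN=eth2 OUT=eth1 SRC=97.12.0.9 DST=10.35.50.23 LEN=60 PROTO=TCP SPT=51544 DPT=8080 SYN
Sep 10 07:02:40 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=10.35.50.23 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=33010 DPT=80 SYN
Sep 10 07:03:02 gw kernel: FWD: IN=eth2 OUT=eth1 SRC=10.40.1.7 DST=10.35.50.23 LEN=60 PROTO=TCP SPT=40130 DPT=8080 SYN
Sep 10 07:04:19 gw kernel: FWD: IN=eth1 OUT=eth2 SRC=10.35.50.14 DST=10.40.1.20 LEN=60 PROTO=TCP SPT=35001 DPT=22 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs written by the LOG target


def inbound_listeners(log_text, lan=LAN):
    """Map (lan_host, port) -> set of non-LAN sources that opened TCP connections to it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        tokens = line.split()
        # Only connection attempts: TCP with SYN set and ACK clear.
        if fields.get("PROTO") != "TCP" or "SYN" not in tokens or "ACK" in tokens:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if dst in lan and src not in lan:
            hits[(str(dst), port)].add(str(src))
    return dict(hits)


def drop_rule(host, port, lan=LAN):
    """Candidate rule: refuse connections to host:port unless they come from the LAN."""
    return f"iptables -I FORWARD -p tcp ! -s {lan} -d {host} --dport {port} -j DROP"


if __name__ == "__main__":
    for (host, port), sources in sorted(inbound_listeners(SAMPLE_LOG).items()):
        print(f"{host}:{port} reached from {sorted(sources)}")
        print("  candidate rule:", drop_rule(host, port))
```
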




More information about the netfilter mailing list