[ale] NAT proxy mystery

Michael Barker mbarker68 at comcast.net
Thu Aug 15 09:26:16 EDT 2002


I have a server that I set up and admin on a volunteer basis that has recently 
lost transparent proxy functionality.  Everything was fine until this, and the 
last thing in the squid log was a connection to a quake server in the UK.

Is there an exploit for proxy hijacking that I'm not aware of?  If so or not, 
can someone give me a clue on where to start resolving this proxy problem?

/etc/rc.d/init.d> # ./iptables status shows that my prerouting rule is loaded.

> # netstat -a shows listen on 80 and 3128

> # ifconfig shows both NIC cards

Nothing has changed in the other firewall rules.

This is a gateway on a DSL modem at eth0 and the inside network on eth1.

The PREROUTING rule is as follows:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Recently DNS has changed at the provider in that the IP address no longer 
matches the name, but IE on the inside can't get sites with IP address.

All help is greatly appreciated in advance.

Michael E. Barker

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.





