[ale] SuSEfirewall2 in 10.1 configuration

Bob Toxen transam at verysecurelinux.com
Fri Aug 11 15:10:18 EDT 2006


SuSEfirewall2 can be hard to make do other than what its designer has
conceived and offered.

Bob

On Mon, Aug 07, 2006 at 11:52:02AM -0400, Dow_Hurst wrote:
> I'm wondering how to setup the variables correctly on a laptop.  It has a single interface pointing to a masqueraded home LAN.  I want to have the laptop's SuSEfirewall2 (running tinyproxy and dansguardian) set to redirect any packets to port 80 originating from a user's browser forced to port 8080.
> 
> Tinyproxy binds to all interfaces eg. ra0 and lo and is available on port 3128
> Dansguardian set to port 3128 and port 8080
> 
> Web browsers are set to point to a proxy at 8080 on the laptop
> 
> Do I need:
> FW_ROUTE="yes"
> FW_REDIRECT="192.168.1.0/24,0/0,tcp,80,8080 192.168.1.0/24,0/0,tcp,443,8080"
> 
> Or, is the SuSEfirewall2 scripts just not appropriate for this and I need a simple iptables ruleset?  If so can the dhcp address assigned to ra0 be accessed to configure the rules for setting up the proxy redirection protection?  The goal to not allow a browser being reset to not use the proxies to get to the Internet.  Right now if you reset the browser's to not use the proxies you still can surf but without any protection from bad content.
> Thanks!
> Dow
> 
> 
> 
> 
> No sig.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list