Help me configure iptables, squid and VPN

[abbakh0005]

I need to configure the server with the settings specified below


o Routing
Enable routing
Configure rtr1 as default gateway
o Firewall (iptables)
Prohibit access from DMZ to Guest or to Internal VLAN
Prohibit access between Guest and Internal
Prohibit HTTP access from Guest VLAN to any network
Forward all HTTP traffic from Guest VLAN to local proxy
o Proxy (squid)
Configure in transparent mode
Configure caching for requests to internet websites
Do not cache local websites from the webserver located in DMZ
o VPN
Configure VPN access to Internal VLAN
Make sure that VPN clients can only access server lnxsrv2
 For login create a user “vpn” with password “cl1ent”
 Use address range 172.17.118.200 to 172.17.118.255 for VPN clients

[dilberts_left_nut]

Good luck with your homework

[abbakh0005]

Here is the topology of the network I need to configure. I need to configure the Inxrtr1 server first.

[dasein]

What d_l_n said: good luck with your homework.

The whole point of a learning exercise is for you to figure it out, not to get someone else to figure it out for you.

And you're not just asking for "help" here. You're asking someone to do the assignment for you. If you were making an honest effort to try to figure it out, folks here might be willing to give you a nudge in one direction or another, but no one is going to hand you the solution.

[abbakh0005]

Sorry MR. Dasein, but I'm not asking anyone to solve the whole task. I'm asking for certain services I'm not sure whether I configured them correctly or not, and I'm making honest effort. Believe me!
Just admit it you can't help.

[dilberts_left_nut]

Well, given that you haven't actually asked a question, or provided any info on what you have already done, or what you are having trouble with, what sort of help are you expecting?

[abbakh0005]

o Routing
 Enable routing
#echo 1 > /proc/sys/net/ipv4/ip_forward

Configure rtr1 as default gateway
#ifconfig eth0 192.168.10.2/24 up
#route add default gw 192.168.10.1

Firewall (iptables)
Prohibit access from DMZ to Guest or to Internal VLAN
#iptables -A FORWARD -i eth0:10 -o eth0:30 -s 192.168.10.0/28 -d 172.17.116.0/22 -j REJECT

Prohibit access between Guest and Internal
#iptables -A FORWARD -i eth0:20 -o eth0:30 -s 192.168.20.0/24 -d 172.17.116.0/22 -j REJECT

Prohibit HTTP access from Guest VLAN to any network
#iptables -A FORWARD -i eth0:20 -p tcp --dport 80 -s 192.168.20.0 -j REJECT

Forward all HTTP traffic from Guest VLAN to local proxy

???????????????????????????????????????????????


Proxy (squid)
Configure in transparent mode
???????????????????????????????????????????????
Configure caching for requests to internet websites
???????????????????????????????????????????????
Do not cache local websites from the webserver located in DMZ
???????????????????????????????????????????????

[dilberts_left_nut]

http://www.linuxtopia.org/Linux_Firewal ... x4508.html
http://linux.die.net/man/8/squid

[abbakh0005]

Thanks, but it didn't help that much. I need a way to configure the server to be in transparent mode, and how to configure caching for requests to websites.

[dilberts_left_nut]

That is all explained in the squid documentation.
(and, presumably, in your course notes).

[abbakh0005]

Ok I'll postpone the squid task at a later time. I want to configure VPN so I install openvpn:
# apt-get install openvpn

But I need to create users for login and assign address range for VPN clients.

[abbakh0005]

Thank you very much "Experts".