Help me configure iptables, squid and VPN
-
- Posts: 10
- Joined: 2015-03-20 20:08
Help me configure iptables, squid and VPN
I need to configure the server with the settings specified below
o Routing
Enable routing
Configure rtr1 as default gateway
o Firewall (iptables)
Prohibit access from DMZ to Guest or to Internal VLAN
Prohibit access between Guest and Internal
Prohibit HTTP access from Guest VLAN to any network
Forward all HTTP traffic from Guest VLAN to local proxy
o Proxy (squid)
Configure in transparent mode
Configure caching for requests to internet websites
Do not cache local websites from the webserver located in DMZ
o VPN
Configure VPN access to Internal VLAN
Make sure that VPN clients can only access server lnxsrv2
For login create a user “vpn” with password “cl1ent”
Use address range 172.17.118.200 to 172.17.118.255 for VPN clients
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help me configure iptables, squid and VPN
Good luck with your homework
AdrianTM wrote:There's no hacker in my grandma...
-
- Posts: 10
- Joined: 2015-03-20 20:08
Re: Help me configure iptables, squid and VPN
Here is the topology of the network I need to configure. I need to configure the Inxrtr1 server first.
Re: Help me configure iptables, squid and VPN
What d_l_n said: good luck with your homework.
The whole point of a learning exercise is for you to figure it out, not to get someone else to figure it out for you.
And you're not just asking for "help" here. You're asking someone to do the assignment for you. If you were making an honest effort to try to figure it out, folks here might be willing to give you a nudge in one direction or another, but no one is going to hand you the solution.
-
- Posts: 10
- Joined: 2015-03-20 20:08
Re: Help me configure iptables, squid and VPN
Sorry Mr. Dasein, but I'm not asking anyone to solve the whole task. I'm asking about certain services I'm not sure whether I configured correctly or not, and I'm making an honest effort. Believe me!
Just admit it, you can't help.
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help me configure iptables, squid and VPN
Well, given that you haven't actually asked a question, or provided any info on what you have already done, or what you are having trouble with, what sort of help are you expecting?
AdrianTM wrote:There's no hacker in my grandma...
-
- Posts: 10
- Joined: 2015-03-20 20:08
Re: Help me configure iptables, squid and VPN
o Routing
Enable routing
#echo 1 > /proc/sys/net/ipv4/ip_forward
Configure rtr1 as default gateway
#ifconfig eth0 192.168.10.2/24 up
#route add default gw 192.168.10.1
Firewall (iptables)
Prohibit access from DMZ to Guest or to Internal VLAN
#iptables -A FORWARD -i eth0:10 -o eth0:30 -s 192.168.10.0/28 -d 172.17.116.0/22 -j REJECT
Prohibit access between Guest and Internal
#iptables -A FORWARD -i eth0:20 -o eth0:30 -s 192.168.20.0/24 -d 172.17.116.0/22 -j REJECT
Prohibit HTTP access from Guest VLAN to any network
#iptables -A FORWARD -i eth0:20 -p tcp --dport 80 -s 192.168.20.0/24 -j REJECT
Forward all HTTP traffic from Guest VLAN to local proxy
???????????????????????????????????????????????
Proxy (squid)
Configure in transparent mode
???????????????????????????????????????????????
Configure caching for requests to internet websites
???????????????????????????????????????????????
Do not cache local websites from the webserver located in DMZ
???????????????????????????????????????????????
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
-
- Posts: 10
- Joined: 2015-03-20 20:08
Re: Help me configure iptables, squid and VPN
Thanks, but it didn't help that much. I need a way to configure the server to be in transparent mode, and how to configure caching for requests to websites.
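An added example, not from any poster in this thread: one way to write the firewall policy and the two items left as question marks earlier (the guest HTTP redirect and a transparent, caching squid) as an iptables-restore file and a squid.conf fragment. It assumes the VLANs are 802.1Q sub-interfaces named eth0.10, eth0.20 and eth0.30 (alias labels such as eth0:10 are not devices, so -i/-o never match them), squid 3.1 or later, an intercept port of 3129 and Debian's squid3 cache path; the three networks are the ones posted.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, proxy port and the
# cache_dir path are ASSUMPTIONS; the three networks are the ones posted.
DMZ_IF=eth0.10 GUEST_IF=eth0.20 INT_IF=eth0.30  # assumed 802.1Q sub-interfaces
DMZ_NET=192.168.10.0/28 GUEST_NET=192.168.20.0/24 INT_NET=172.17.116.0/22
PROXY_PORT=3129   # assumed intercept port; squid's default 3128 stays forward-proxy

# iptables matches the real device; alias labels like eth0:10 never match.
valid_if() { case "$1" in ''|*:*|*' '*) return 1 ;; esac; }

build_ruleset() {   # prints an iptables-restore file, or fails on a bad name
  for i in "$DMZ_IF" "$GUEST_IF" "$INT_IF"; do
    valid_if "$i" || { echo "bad interface name: $i" >&2; return 1; }
  done
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Guest HTTP is handed to the local proxy before the routing decision.
-A PREROUTING -i $GUEST_IF -s $GUEST_NET -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
COMMIT
*filter
:FORWARD ACCEPT [0:0]
# Replies to permitted connections pass; only new flows are policed below.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $DMZ_IF -s $DMZ_NET -d $GUEST_NET -j REJECT
-A FORWARD -i $DMZ_IF -s $DMZ_NET -d $INT_NET -j REJECT
-A FORWARD -i $GUEST_IF -s $GUEST_NET -d $INT_NET -j REJECT
-A FORWARD -i $INT_IF -s $INT_NET -d $GUEST_NET -j REJECT
# Backstop: guest port-80 traffic that was not redirected is not routed.
-A FORWARD -i $GUEST_IF -s $GUEST_NET -p tcp --dport 80 -j REJECT
COMMIT
EOF
}

build_squid_conf() {   # fragment for squid 3.1+ (keyword was "transparent" before)
  cat <<EOF
# Place the http_access line above the stock "http_access deny all".
http_port $PROXY_PORT intercept
acl guest src $GUEST_NET
acl dmz_web dst $DMZ_NET
http_access allow guest
cache deny dmz_web
cache_dir ufs /var/spool/squid3 100 16 256
EOF
}
# Check as root: build_ruleset | iptables-restore --test   (drop --test to load)
```

Redirected packets are delivered to the router itself and traverse INPUT, not FORWARD, which is why the redirect and the port-80 REJECT can coexist.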
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times
Re: Help me configure iptables, squid and VPN
That is all explained in the squid documentation.
(and, presumably, in your course notes).
AdrianTM wrote:There's no hacker in my grandma...
-
- Posts: 10
- Joined: 2015-03-20 20:08
Re: Help me configure iptables, squid and VPN
OK, I'll postpone the squid task to a later time. I want to configure VPN, so I install openvpn:
# apt-get install openvpn
But I need to create users for login and assign an address range for VPN clients.