- To: Ken Foskey <foskey@xxxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] blocking port 80 on firewall.
- From: Keith Hopkins <hne@xxxxxxxxxx>
- Date: Sun, 02 May 2004 19:38:53 +1000
- Cc: slug@xxxxxxxxxxx
- Organization: Hopkins Network Engineering
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
Ken Foskey wrote:
> On Sun, 2004-05-02 at 17:08, Ken Foskey wrote:
>
>
>>>And.... How do I block port 80 on eth1 using ipmasq (ipchains) under
>>>debian.
>>
>>All I need to do now is figure out how to ensure the proxy is used.
>
>
> Turns out that I am using iptables (K 2.4.26). I think this command
> should do the drop that I want.
>
> iptables -A INPUT -j DROP -p tcp -d 0/0 --destination-port www
>
> Is this right, will it stop squid going out?
> Where do I put this in the startup to make it work?
>
Instead of blocking port 80, you could also consider redirecting it to the port used by squid. Something like:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
This works for me (transparent proxying) under SuSE.
--
Found in Sydney,
Keith
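
An added example (not part of the original thread): the redirect above, plus the INPUT and FORWARD rules that go with it on a gateway running squid, printed as commands for review before anything is applied. The function name proxy_rules, the LAN interface argument and the default squid port are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: print iptables commands that force LAN web traffic via squid.
# Assumptions (not from the thread): squid runs on this gateway in transparent
# mode; the LAN-facing interface and squid port are passed as arguments.

# Usage: proxy_rules <lan-interface> [squid-port]
# Review the output, then pipe it to "sh" as root to apply it.
proxy_rules() {
    lan_if=$1
    squid_port=${2:-3128}

    # Accept only a plain interface name and a numeric port, so the
    # generated lines are safe to hand to a root shell.
    case $lan_if in
        ''|[!A-Za-z]*|*[!A-Za-z0-9._-]*)
            echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case $squid_port in
        ''|*[!0-9]*)
            echo "bad port: $squid_port" >&2; return 1 ;;
    esac
    [ "$squid_port" -ge 1 ] && [ "$squid_port" -le 65535 ] || {
        echo "port out of range: $squid_port" >&2; return 1; }

    # 1. nat/PREROUTING: rewrite client connections to port 80 so they
    #    land on squid's port on this host.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port"

    # 2. filter/INPUT: redirected packets are now addressed to this host,
    #    so the squid port must be reachable from the LAN side.
    echo "iptables -A INPUT -i $lan_if -p tcp --dport $squid_port -j ACCEPT"

    # 3. filter/FORWARD: routed (not redirected) port-80 traffic from the
    #    LAN is dropped, which only matters if rule 1 is ever removed.
    #    Squid's own outbound requests use OUTPUT and are not affected.
    echo "iptables -A FORWARD -i $lan_if -p tcp --dport 80 -j DROP"
}
```

For example, `proxy_rules eth1 | sh` applies the three rules; where to call it at boot depends on the distribution's firewall startup scripts.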