Re: [LUG] iptables NAT problem?

 

Sam Grabham wrote:
> 
> At the end of the day I am trying to proxy a hidden server to the web
> without showing its real network info.
> 
> I tried Squid as a reverse proxy, but found I could only get port 80 to
> proxy. I wanted ports 21 and 443 to also proxy but they wouldn't work.
> The SSL (443) cert is based on domain name only so IP doesn't affect it
> as long as the domain name resolves to the external IP.

Not tried port 21.

Port 443 won't cache in squid unless you terminate the SSL tunnel in Squid.

The CentOS Squid is compiled with the SSL code enabled (unlike Debian's
- grr), so it ought mostly to be a case of copying the examples in the
documentation (and copying the Apache certificate and server key to the
squid box).

You can terminate the SSL tunnel in squid, decrypt, cache and proxy, and
connect via SSL to the server. But that is quite complicated if you
insist on checking the whole certificate chain for the server (as you
should!).

The iptables stuff looks plausible. Have you got all the kernel modules
you need loaded? Any errors logged when you start it up, or try and use it?

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
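As an added illustration of the terminate-and-re-encrypt setup the reply describes (this is not from the thread or from Squid's documentation), here is a squid.conf sketch of a reverse proxy that terminates TLS on the Squid box, caches, and reconnects to the hidden origin over TLS while verifying its certificate chain. Squid 3.x directive spellings (`ssl`, `sslcafile`) are assumed, and the host name, origin address and file paths are placeholders.

```apacheconf
# squid.conf - reverse proxy ("accel") that terminates TLS for one hidden origin.
# Placeholder values: www.example.org, 192.0.2.10 and the /etc/squid/* paths
# are assumptions for this example, not values from the thread.

# Public-facing listeners. The cert/key are the ones copied from the Apache box.
https_port 443 accel defaultsite=www.example.org \
    cert=/etc/squid/server.crt key=/etc/squid/server.key
http_port 80 accel defaultsite=www.example.org

# Hidden origin, reached over TLS. sslcafile= is the CA that issued the
# origin's certificate and ssldomain= pins the expected server name, so the
# whole chain and the name are checked. Do NOT add sslflags=DONT_VERIFY_PEER:
# that is the shortcut that silently drops the chain check the reply warns about.
cache_peer 192.0.2.10 parent 443 0 no-query originserver \
    ssl sslcafile=/etc/squid/origin-ca.pem ssldomain=www.example.org \
    name=hidden_origin

# Only serve the published site, and only via the peer (never straight out).
acl origin_site dstdomain www.example.org
http_access allow origin_site
http_access deny all
cache_peer_access hidden_origin allow origin_site
cache_peer_access hidden_origin deny all
never_direct allow all

# Keep the on-disk cache private to this box; the origin's real address never
# appears in responses because Squid, not the origin, answers the client.
cache_dir ufs /var/spool/squid 1000 16 256
```

Check the peer connection with `squid -k parse` and then a single request through the proxy; if the origin CA is wrong or the name does not match, Squid logs a TLS error in cache.log rather than serving the page.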