D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] iptables NAT problem?

 

Hi

Thanks for you quick responce, I will have a look tomorrow and check what 
modules are loaded.

Thanks again

Sam

----- Original Message ----- 
From: "Simon Waters" <simon@xxxxxxxxxxxxxx>
To: <list@xxxxxxxxxxxxx>
Sent: Tuesday, August 26, 2008 8:49 PM
Subject: Re: [LUG] iptables NAT problem?


> Sam Grabham wrote:
>>
>> At the end of the day i am trying to Proxy a hidden server to the web
>> with out showing it's real network info.
>>
>> I tried Squid as a reverse proxy, but found i could only get port 80 to
>> proxy. I wanted port 21 and 443 to also proxy but wouldn't work.
>> The SSL (443) cert is based on Domain name only so IP doesn't affect it
>> as long as the domain name resolves to the external IP.
>
> Not tried port 21.
>
> Port 443 won't cache in squid unless you terminate the SSL tunnel in 
> Squid.
>
> The Centos Squid is compiled with the SSL code enabled (unlike Debian's
> - grr), so it ought mostly to be a case of copying the examples in the
> documentation (and copying the Apache certificate and server key to the
> squid box).
>
> You can terminate the SSL tunnel in squid, decrypt, cache and proxy, and
> connect via SSL to the server. But that is quite complicated if you
> insist on checking the whole certificate chain for the server (as you
> should!).
>
> The iptables stuff looks plausible. Have you got all the kernel modules
> you need loaded? Any errors logged when you start it up, or try and use 
> it?
>
> -- 
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
>
> No virus found in this incoming message.
> Checked by AVG.
> Version: 8.0.138 / Virus Database: 270.6.9/1635 - Release Date: 8/26/2008 
> 7:29 AM
>
>
> 


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html