>>> Hi there,
>>> I have a linux machine which is routed via eth0 to "network A" and via
>>> eth1 to "networkB".
>>> I wish for clients in "network A" to access content on a webserver
>>> located in "network B".
>>> The protocols I wish to support are HTTP (80) and HTTPS (443).
>>> Firewalls exist between my linux machine and network A, and between
>>> my linux machine and network B.
>>> I have added networks A and B to my linux machine's routing table and
>>> I can now ping from a machine in network A to the linux machine, and
>>> from the linux machine to the web server on network B.
>>> The firewalls are configured to only accept traffic via ports 80 and
>>> 443.
>>> So my question is, how do I connect network A and B? I have installed
>>> squid on the linux machine and it is my understanding that if I
>>> configure it as a tunneling server, listening on ports 80 and 443,
>>> that this will achieve what I'm after. Is this correct?
>>> BTW, I am not interested in doing any kind of caching with squid. The
>>> version of squid I have is version 2.5.STABLE.
>>> At the moment the only configuration of squid that I have done is to
>>> have it listen on port 80. When I telnet to the linux machine on port
>>> 80 from a machine in network A, I am receiving a squid generated web
>>> page.
>>> Any advice or suggestions are welcome,
>>> Thanks for your help,
>>> Barry
>> You can do the requested functions without Squid by
>> using iptables to allow IP forwarding for TCP ports
>> 80 and 443 only and disallowing others. You have to
>> remember to turn IP forwarding on after setting up
>> the firewall rules.
>> Documentation for setting up the filters is to be
>> found at <http://www.netfilter.org/>. There is more
>> than you'll need.
>> --
>> Tauno Voipio
>> tauno voipio (at) iki fi
> Thanks very much for that tip! Would the following code achieve what
> I'm after, ignoring the fact that it will allow all tcp ports?
> #!/bin/sh
> PATH=/usr/sbin:/sbin:/bin:/usr/bin
> #
> # delete all existing rules.
> #
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
> iptables -X
> # Always accept loopback traffic
> iptables -A INPUT -i lo -j ACCEPT
> # Allow established connections, and those not coming from network B
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> # (negation written as "! -i", the form current iptables accepts)
> iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
> iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> # Allow outgoing connections from network A
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> # Don't forward new connections from network B to network A
> iptables -A FORWARD -i eth1 -o eth0 -j REJECT
> # Enable routing.
> echo 1 > /proc/sys/net/ipv4/ip_forward
chains INPUT and FORWARD mixed up.
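As an added example (my own script, not code from anyone in this thread), here is Tauno's approach written out in full: a FORWARD chain that only passes new TCP connections to ports 80 and 443 from network A towards network B, stateful return traffic in the other direction, default DROP policies, a LOG rule so rejected forwards show up in syslog, and IP forwarding switched on only after the rules are loaded. It assumes Barry's layout (eth0 faces network A, eth1 faces network B); the function names fw_rules, fw_apply and fw_new_forward_count are mine. It deliberately leaves INPUT closed apart from loopback and established traffic, so add your own management rule (for example SSH from an admin host) before applying it on a box you reach remotely.

```shell
#!/bin/sh
# Added example, not from the thread. Forwards only TCP 80/443 from
# network A (A_IF) to network B (B_IF). Interface names are assumptions.
PATH=/usr/sbin:/sbin:/bin:/usr/bin
A_IF=eth0   # towards network A (the clients)
B_IF=eth1   # towards network B (the web server)

# Emit the rule set as text so it can be reviewed before it is applied.
# Variables in the here-document are expanded, so the interface names
# end up in the printed commands.
fw_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ADD YOUR MANAGEMENT RULE HERE, e.g. SSH from an admin host (placeholder)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $A_IF -o $B_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $A_IF -o $B_IF -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "fwd-drop: "
EOF
}

# Load the rules, then (and only then) enable routing, as Tauno advised.
fw_apply() {
    fw_rules | sh -e
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Sanity check: how many rules open a NEW forwarded connection?
# For this rule set the answer should be exactly 2 (ports 80 and 443).
fw_new_forward_count() {
    fw_rules | grep -c -- '-A FORWARD .*--state NEW'
}

# Usage: "sh fw.sh" prints the rules for review, "sh fw.sh apply" loads them.
if [ "${1:-}" = "apply" ]; then
    fw_apply
else
    fw_rules
fi
```

Replies from the web server back to network A are matched by the single ESTABLISHED,RELATED rule in FORWARD, which is the job the original script tried to do with a mix of INPUT and FORWARD rules; nothing in network B can open a connection towards network A because the only NEW rules are bound to `-i eth0 -o eth1`. Run the script without arguments first and read the printed rules, then run it with `apply` as root.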