Re: [Ilugc] Firefox_Mozilla
On Mon, Mar 12, 2012 at 8:28 PM, rmariya sagaya asirvatham wrote: > How can i configure my firewall to accept all outgoing web traffic only > from my proxy server > > may i add below lines in my iptables > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > 192.168.x.x.3128 > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 3128 It's high time you stopped top posting and learnt to follow mailing list guide lines. Your iptables rule is not correct, you are destination/reverse NAT which is not needed in your setup. My preferred method with iptables it to default DROP packets on the FORWARD chain. This will ensure only traffic you explicitly permit to pass through your system will be allowed - you can permit outbound dns, ssh, smtp/pop, etc for select source and destination IP ranges. Knowledge of iptables working is essential to build a successful security system. Suggest you read the iptables documentation fully and test thoroughly before deploying. - Raja ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
Thank you I will try and confirm. with thanks Asiyr On Tue, Mar 13, 2012 at 11:48 AM, Karthikeyan Venkatraman < vgkarthick...@gmail.com> wrote: > On Mon, Mar 12, 2012 at 8:28 PM, rmariya sagaya asirvatham < > asir.li...@gmail.com> wrote: > > > Thank you. > > > > How can i configure my firewall to accept all outgoing web traffic only > > from my proxy server > > > > may i add below lines in my iptables > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > > 192.168.x.x.3128 > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > > --to-port 3128 > > > > what i have to do more.. > > > > (my proxy server is running in my gateway ssystem,i am using only one > > system for both) > > > > with thanks > > Asir > > > > hi, > > > Pl go through this url where you can lock the proxy settings tools with > password. > https://addons.mozilla.org/en-US/firefox/addon/public-fox/ > > This tool may be simple for small computer networks. > > Thanks, > V. Karthick > > My Experience shared in : http://vkarthickeyan.wordpress.com > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
On Mon, Mar 12, 2012 at 8:28 PM, rmariya sagaya asirvatham < asir.li...@gmail.com> wrote: > Thank you. > > How can i configure my firewall to accept all outgoing web traffic only > from my proxy server > > may i add below lines in my iptables > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to > 192.168.x.x.3128 > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > > what i have to do more.. > > (my proxy server is running in my gateway ssystem,i am using only one > system for both) > > with thanks > Asir > > hi, > Pl go through this url where you can lock the proxy settings tools with password. https://addons.mozilla.org/en-US/firefox/addon/public-fox/ This tool may be simple for small computer networks. Thanks, V. Karthick My Experience shared in : http://vkarthickeyan.wordpress.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
Thank you. How can i configure my firewall to accept all outgoing web traffic only from my proxy server may i add below lines in my iptables iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.x.x.3128 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 what i have to do more.. (my proxy server is running in my gateway ssystem,i am using only one system for both) with thanks Asir On Mon, Mar 12, 2012 at 7:43 PM, Raja Subramanian wrote: > On Mon, Mar 12, 2012 at 6:01 PM, rmariya sagaya asirvatham > wrote: > > We are in the need of proxy authentication mode for all users ,So we are > > unable to implement transparent mode. > > Good network security implementation should work regardless > of the desktop/browser settings. > > If you configure your firewall to accept outgoing web traffic > only from your proxy server IP, then even if users change the > browser proxy configuration they cannot cannot bypass your > proxy and gain web access. Worst case is without the correct > proxy config users will not have web access. > > - Raja > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
On Mon, Mar 12, 2012 at 6:01 PM, rmariya sagaya asirvatham wrote: > We are in the need of proxy authentication mode for all users ,So we are > unable to implement transparent mode. Good network security implementation should work regardless of the desktop/browser settings. If you configure your firewall to accept outgoing web traffic only from your proxy server IP, then even if users change the browser proxy configuration they cannot cannot bypass your proxy and gain web access. Worst case is without the correct proxy config users will not have web access. - Raja ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
Thank you. We are in the need of proxy authentication mode for all users ,So we are unable to implement transparent mode. Any other way...Please with thanks Asir On Mon, Mar 12, 2012 at 5:29 PM, Shrinivasan T wrote: > On Mon, Mar 12, 2012 at 4:45 PM, rmariya sagaya asirvatham > wrote: > > Hi ILUGS, > > > > > > I dont want the users change their proxy settings in the browser. > > Controlling the browser settings in all the users machine is not possible. > > You have to set the transparent proxy. > i.e you have to route all the network traffic in your office to the > proxy server automatically. > > Check the following links. > > > http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html > > > http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid#Configuring_iptables_to_Support_the_Squid_Transparent_Proxy > > > > > > -- > Regards, > T.Shrinivasan > > > My Life with GNU/Linux : http://goinggnu.wordpress.com > Free/Open Source Jobs : http://fossjobs.in > > Get CollabNet Subversion Edge : http://www.collab.net/svnedge > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
On Mon, Mar 12, 2012 at 5:29 PM, Shrinivasan T wrote: > On Mon, Mar 12, 2012 at 4:45 PM, rmariya sagaya asirvatham > wrote: > > Hi ILUGS, > > > > > > I dont want the users change their proxy settings in the browser. > > If you are using Active directory services in your network, you should > install Firefox ADM to control proxy settings for the end users. > Pl refer the link http://sourceforge.net/projects/firefoxadm/ -- Thanks, V. Karthick My Experience shared in : http://vkarthickeyan.wordpress.com ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Firefox_Mozilla
On Mon, Mar 12, 2012 at 4:45 PM, rmariya sagaya asirvatham wrote: > Hi ILUGS, > > > I dont want the users change their proxy settings in the browser. Controlling the browser settings in all the users machine is not possible. You have to set the transparent proxy. i.e you have to route all the network traffic in your office to the proxy server automatically. Check the following links. http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid#Configuring_iptables_to_Support_the_Squid_Transparent_Proxy -- Regards, T.Shrinivasan My Life with GNU/Linux : http://goinggnu.wordpress.com Free/Open Source Jobs : http://fossjobs.in Get CollabNet Subversion Edge : http://www.collab.net/svnedge ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
[Ilugc] Firefox_Mozilla
Hi ILUGS, I am using FireFOX 10.0.2 , how can i disable the settings option in network tap. Firefox>edit--> preference--> network-->settings. I dont want the users change their proxy settings in the browser. please help me. With thanks Asiyr ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc