Local: Firewalling
Squid
- URL: http://www.squid-cache.org/
- Hints:
- Make sure that the proxy is reachable only from the internal network! Otherwise, with a misconfigured firewall, the proxy can be used from outside as a relay to get information from inside. The best way to do that is to specify the listen address and block all requests that do not come from internal IPv4 addresses, like
# Specify listen address and port
http_port 192.168.1.1:3128
# Define IPv4 addresses of internal network and allow access
acl localnet src 192.168.0.0/255.255.0.0
http_access allow localnet
# Deny all other access
http_access deny all
- Proxy chaining with junkbuster (configured to listen on IPv4 address 127.0.0.1 and port 8081)
# Define a forwarder for requests
cache_peer 127.0.0.1 parent 8081 0 no-query
# Define some domains which should not be junkbustered
acl notjunkbustered dstdomain .atomfilms.com
always_direct allow notjunkbustered
# FTP isn't supported by junkbuster
acl FTP proto FTP
always_direct allow FTP
# For SSL it makes no sense to forward the requests to junkbuster
acl CONNECT method CONNECT
always_direct allow CONNECT
# But all other requests must be forwarded to cache_peer junkbuster
always_direct deny all
Junkbuster
- URL: http://www.junkbuster.com/
- Hints:
- Make sure that the proxy is reachable only from the internal network! Otherwise, with a misconfigured firewall, the proxy can be used from outside as a relay to get information from inside. The best way to do that is to specify the listen address, like
listen-address 192.168.1.1:8081
For use with e.g. Ipswitch WS_FTP client
jftpgw
named/BIND
- URL: http://www.isc.org/products/BIND/
- Hints:
- Make sure that named is reachable only from the internal network! Otherwise, with a misconfigured firewall, this named can be used from outside to resolve queries about internally used information. The best way to do that is to specify the listen address, like
# Listen for queries only on internal interfaces
listen-on { 127.0.0.1; 192.168.1.1; };
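The three listen-address hints above (Squid `http_port`, Junkbuster `listen-address`, named `listen-on`) can be checked mechanically. The following Python audit is an added example, not code from the original page or from any of these projects; the function names are hypothetical, "internal" is assumed to mean loopback or RFC 1918 addresses, and `/* */` comments in named.conf are not handled.

```python
import ipaddress
import re

# Assumption: "internal" means loopback or RFC 1918 space, like the page's 192.168.x.x.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(host):
    """True only for a literal IPv4 address inside INTERNAL; wildcards and names fail."""
    try:
        return any(ipaddress.ip_address(host) in net for net in INTERNAL)
    except ValueError:
        return False

def bind_host(value):
    """Host part of '[host][:port]'; empty string when only a port is given."""
    host, sep, _ = value.rpartition(":")
    return host if sep else ("" if value.isdigit() else value)

def directives(conf):
    """Yield the tokens of each line with '#' and '//' comments removed."""
    for line in conf.splitlines():
        tokens = re.split(r"#|//", line, maxsplit=1)[0].split()
        if tokens:
            yield tokens

def bad_binds(conf, key):
    """Flag `key [host][:port]` directives whose host is not a literal internal address."""
    return [f"{key} {t[1]}: not a literal internal address" for t in directives(conf)
            if t[0] == key and len(t) > 1 and not is_internal(bind_host(t[1]))]

def audit_squid(conf):
    access = [t[1:] for t in directives(conf) if t[0] == "http_access"]
    ok = bool(access) and access[-1] == ["deny", "all"]
    return bad_binds(conf, "http_port") + (
        [] if ok else ["http_access: list does not end with 'deny all'"])

def audit_junkbuster(conf):
    return bad_binds(conf, "listen-address")

def audit_named(conf):
    text = " ".join(" ".join(tok) for tok in directives(conf))
    blocks = re.findall(r"\blisten-on(?!-)[^{;]*\{([^}]*)\}", text)
    if not blocks:
        return ["listen-on missing: named listens on all IPv4 interfaces by default"]
    entries = [e.strip() for b in blocks for e in b.split(";") if e.strip()]
    return [f"listen-on {e}: not a literal internal address"
            for e in entries if not is_internal(e)]
```

Each function takes the configuration file's text and returns a list of findings; an empty list means the bind and access settings match the hints above. Host names such as `localhost` are reported as well, because the check accepts only literal addresses.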
www.bieringer.de is maintained by webmaster at bieringer dot de (Impressum)