03-25-2009
Help with iptables on proxy server
I may be doing this incorrectly, so if you have any suggestions, I'm open to it. So I installed a reverse proxy server on my LAN. It's not on the DMZ because it's coming from a blade running inside a virtual machine. Anyways, so I installed iptables and locked everything down from the outside coming in. Only port 80 is open from the outside. My question is, what if someone compromised the box in any way, I want to deny them access to our local lan. However, just thinking about this, if someone got in through SSH or something they could just disable iptables, no?
I was thinking of denying traffic from the proxy to our LAN but is that irrelevant? I still need my LAN to talk to the proxy server since our back-end webservers need to communicate w/ this proxy server.
10 More Discussions You Might Find Interesting
1. IP Networking
I'm new to this forum, so please be gentle !
I need to get my IBM RS running AIX4.3 onto the internet to a particular ftp server, through a NT server running proxy services.
This NT server is directly connected to our internet router vis a secondary NIC on the NT server.
When I add the route... (2 Replies)
Discussion started by: garry
2 Replies
2. UNIX for Dummies Questions & Answers
I'm trying to get a Unix server on the internet (mostly for DNS requests) but this server is on a network behind a Proxy server. How can I configure my unix server that he will pass the proxy server for internet requests? (2 Replies)
Discussion started by: RSlegers
2 Replies
3. Linux
i have installed a proxy server on my linux box .
how to get the IP for that proxy .
cheers (3 Replies)
Discussion started by: ppass
3 Replies
4. UNIX for Dummies Questions & Answers
Hello everyone,
im searching an proxy server for Digital UNIX V4.0E...
someone got an idea ? (pre-compiled package would be the best :p) (0 Replies)
Discussion started by: alvoryx
0 Replies
5. Shell Programming and Scripting
I have been toying with a Proxy client/server app that will listen on the CLIENT system on lets say port 7070. User's browser proxy setting is configured for "localhost" port "7070".
When this proxy app gets a request for a URL it should FETCH the URL and display it on the browser.
I... (1 Reply)
Discussion started by: Dabheeruz
1 Replies
6. Red Hat
Hi,
I want to be able to get my server to update via yum through our work proxy.
I have tried the usual method of exporting the http_proxy=http://username:password@domain.com but this does not work for me.
I opce heard about a guy who set up a proxy on his XP laptop (Don't flame me I have... (0 Replies)
Discussion started by: pobman
0 Replies
7. IP Networking
Hi,
I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies
8. IP Networking
Can any one direct me to the resources where I can find in-depth instructions on Squid Proxy server and its configuration?
Thanks in advance.:) (1 Reply)
Discussion started by: admin_xor
1 Replies
9. Shell Programming and Scripting
I want to write a perl script on a server to behave like a proxy server.
I want to be able to enter the hostname and port on firefox proxy settings (or IE, chrome, whatever) and then go to a site, and have my webserver forward the request to another server, and forward the response back to the... (2 Replies)
Discussion started by: Arun_Linux
2 Replies
10. UNIX for Dummies Questions & Answers
Hi,
i would like to enable all operations/connections to use a proxy server in a redhat server ,
witch file should i config to get this for all conections ....
Thanks (0 Replies)
Discussion started by: prpkrk
0 Replies
LEARN ABOUT SUSE
xfindproxy
XFINDPROXY(1) General Commands Manual XFINDPROXY(1)
NAME
xfindproxy - locate proxy services
SYNOPSIS
xfindproxy -manager managerAddr -name serviceName -server serverAddr [-auth] [-host hostAddr] [-options opts]
DESCRIPTION
xfindproxy is a program used to locate available proxy services. It utilizes the Proxy Management Protocol to communicate with a proxy
manager. The proxy manager keeps track of all available proxy services, starts new proxies when necessary, and makes sure that proxies are
shared whenever possible.
The -manager argument is required, and it specifies the network address of the proxy manager. The format of the address is a standard ICE
network id (for example, "tcp/blah.x.org:6500").
The -name argument is required, and it specifies the name of the desired proxy service (for example, "LBX"). The name is case insensitive.
The -server argument is also required, and it specifies the address of the target server. The format of the address is specific to the
proxy service specified with the -name argument. For example, for a proxy service of "LBX", the address would be an X display address
(e.g, "blah.x.org:0").
The -auth argument is optional. If specified, xfindproxy will read 2 lines from standard input. The first line is an authoriza-
tion/authentication name. The second line is the authorization/authentication data in hex format (the same format used by xauth). xfind-
proxy will pass this auth data to the proxy, and in most cases, will be used by the proxy to authorize/authenticate itself to the target
server.
The -host argument is optional. If xfindproxy starts a new proxy service, it will pass the host specified. The proxy may choose to
restrict all connections to this host. In the event that xfindproxy locates an already existing proxy, the host will be passed, but the
semantics of how the proxy uses this host are undefined.
The -options argument is optional. If xfindproxy starts a new proxy service, it will pass any options specified. The semantics of the
options are specific to each proxy server and are not defined here. In the event that xfindproxy locates an already existing proxy, the
options will be passed, but the semantics of how the proxy uses these options are undefined.
If xfindproxy is successful in obtaining a proxy address, it will print it to stdout. The format of the proxy address is specific to the
proxy service being used. For example, for a proxy service of "LBX", the proxy address would be the X display address of the proxy (e.g,
"blah.x.org:63").
If xfindproxy is unsuccessful in obtaining a proxy address, it will print an error to stderr.
SEE ALSO
proxymngr (1), Proxy Management Protocol spec V1.0
AUTHOR
Ralph Mor, X Consortium
X Version 11 xfindproxy 1.0.1 XFINDPROXY(1)