Issue with Transparent Proxy


This topic contains 1 reply, has 0 voices, and was last updated by  SilverFalcon 7 years, 4 months ago.

  • #43153

    SilverFalcon
    Member

    Hi,

    I am running ZS1.0b16 and I have an issue with transparent proxying and the Firewall.
    ETH00 is the WiFi LAN, ETH01 is Internet and ETH02 is Management LAN.

    My input chain is set up as such:

    Chain INPUT (policy DROP 30 packets, 968 bytes)
     pkts bytes target     prot opt in     out     source               destination
    69123   68M SYS_GUI    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    69123   68M SYS_INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       18  1148 SYS_HTTPS  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
      462 52108 SYS_HTTPS  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
        0     0 SYS_SSH    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
        0     0 ACCEPT     all  --  ETH02  *       0.0.0.0/0            10.40.10.6
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 reject-with icmp-port-unreachable
      696 77324 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

    When I enable transparent proxy, a proxy entry is added to the chain, but it is added at the bottom, so the rules above are blocking the proxy from working.

    I have manually added a new rule to the top of the input chain as follows:

    22219 1785K ACCEPT     tcp  --  ETH00  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:55559 

    The proxy works with this rule in place.

    Should the Transparent Proxy service be adding the rule to allow port 55559 at the top of the chain rather than the bottom?

    Many thanks,

    Phill
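
First-match evaluation of the chain in the post, as an added example (not part of the original post and not ZeroShell code): it shows which rule decides a new connection to port 55559 when the proxy ACCEPT sits last versus first. Assumptions: the appended rule has the same form as the manually added one, the SYS_* chains return without a verdict, and the packet's destination address is a constructed value.

```python
import re

# Constructed input: rule lines of the INPUT chain from the post, plus the proxy ACCEPT
# appended last (assumed form: copied from the manually added rule, counters zeroed).
CHAIN = """\
69123 68M SYS_GUI all -- * * 0.0.0.0/0 0.0.0.0/0
69123 68M SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
18 1148 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
462 52108 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT all -- ETH02 * 0.0.0.0/0 10.40.10.6
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 reject-with icmp-port-unreachable
696 77324 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- ETH00 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:55559
"""
TERMINAL = {"ACCEPT", "REJECT", "DROP"}

def parse(listing):
    rules = []
    for line in listing.strip().splitlines():
        _, _, target, proto, _, iface, _, _, dst, *extra = line.split()
        opts = " ".join(extra)
        dpt = re.search(r"dpt:(\d+)", opts)
        rules.append({"target": target, "proto": proto, "in": iface, "dst": dst,
                      "dpt": int(dpt.group(1)) if dpt else None,
                      "established": "state RELATED,ESTABLISHED" in opts,
                      "syn": "flags:0x17/0x02" in opts})
    return rules

def matches(r, pkt):
    return (r["proto"] in ("all", pkt["proto"]) and r["in"] in ("*", pkt["in"])
            and r["dst"] in ("0.0.0.0/0", pkt["dst"])
            and r["dpt"] in (None, pkt["dport"])
            and not (r["established"] and pkt["new"])   # state rule skips new connections
            and not (r["syn"] and not pkt["new"]))      # SYN-only rule skips established flows

def verdict(listing, pkt, policy="DROP"):
    """Return (1-based rule number, target) of the first terminal rule matching pkt."""
    for n, r in enumerate(parse(listing), 1):
        # Assumption: the SYS_* user chains return without a verdict for this packet.
        if r["target"] in TERMINAL and matches(r, pkt):
            return n, r["target"]
    return None, policy

# Constructed packet: first SYN of a client connection redirected to the proxy port.
SYN = {"in": "ETH00", "proto": "tcp", "dst": "192.0.2.1", "dport": 55559, "new": True}
TOP = "\n".join([CHAIN.splitlines()[-1]] + CHAIN.splitlines()[:-1])  # proxy rule first
print(verdict(CHAIN, SYN), verdict(TOP, SYN))  # (8, 'REJECT') (1, 'ACCEPT')
```

With the ACCEPT appended, the SYN-matching REJECT at position 8 decides the packet before the proxy rule at position 10 is ever evaluated.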
