Pinging through a non-transparent proxy

Les Mikesell lesmikesell at gmail.com
Fri Feb 8 13:58:09 UTC 2008


Tim wrote:
> On Thu, 2008-02-07 at 16:13 -0500, Joe Tseng wrote:
>> I have a test network set up where the internal network, proxy and
>> firewall are connected serially.  I don't have IP forwarding enabled
>> on the proxy and currently I'm only able to ping up to the proxy's
>> external interface.  Would anyone happen to know the iptables rules
>> needed to allow for me to ping past that point or is the answer to my
>> problem somewhere else?
> 
> More specific details would be needed about your setup.
> 
> Pinging is yet another type of traffic (ICMP, usually).  It isn't
> something that's going to be proxied like Squid proxies HTTP, FTP, and
> a few others.  Start by looking at your firewall rules that deal with
> ICMP, and your generic overall default rules.

The simple-minded way would be to set the box up to do generic 
forwarding with NAT, but deny everything in iptables except what you 
want to let through. (And if you want pings, you'll probably want 
traceroute next...).

-- 
   Les Mikesell
    lesmikesell at gmail.com
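
The approach suggested above (generic forwarding with NAT, everything denied except ping and traceroute), as an added example that is not part of the original message. The interface names eth1 (internal) and eth0 (external) and the UDP port range 33434:33534 for classic traceroute are assumptions; the helper name forward_ping_rules is hypothetical.

```shell
#!/bin/sh
# Added example: forward with NAT, drop everything except ping and traceroute.
# Dry run by default: each rule is printed instead of applied.
# Set IPT=iptables (as root) to apply the rules for real.
IPT="${IPT:-echo iptables}"

# forward_ping_rules INT_IF EXT_IF   (hypothetical helper)
#   INT_IF  interface facing the internal network (assumed name, e.g. eth1)
#   EXT_IF  interface facing the firewall         (assumed name, e.g. eth0)
forward_ping_rules() {
    [ $# -eq 2 ] || { echo "usage: forward_ping_rules INT_IF EXT_IF" >&2; return 1; }
    int_if=$1
    ext_if=$2

    # Deny all forwarded traffic by default, then start from an empty chain.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Replies to flows that were allowed out, plus related ICMP errors
    # (time-exceeded and port-unreachable are what traceroute relies on).
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Outbound ping only: echo-request from inside to outside.
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -p icmp --icmp-type echo-request -j ACCEPT

    # Outbound classic UDP traceroute probes (conventional port range, assumed).
    $IPT -A FORWARD -i "$int_if" -o "$ext_if" -p udp --dport 33434:33534 -j ACCEPT

    # Source-NAT whatever leaves through the external interface.
    $IPT -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
}

# Kernel forwarding must also be on: sysctl -w net.ipv4.ip_forward=1
# Example: forward_ping_rules eth1 eth0
```

Because the ESTABLISHED,RELATED rule comes first, echo replies and traceroute's ICMP errors return without any inbound rule of their own, and unsolicited traffic from outside still hits the DROP policy.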