Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: albatroz on June 20, 2005, 08:48:26 PM

Title: Avoiding using SME as proxy server
Post by: albatroz on June 20, 2005, 08:48:26 PM
Hi!
I have an IPCOP firewall and a SME Box behind, and I have created strict rules in the IPCOP Box. However, I am allowing the SME Box full web access (port 80) to the Internet, so it can be used as web and webmail server and sometimes install contribs using wget.

This creates a risk: the SME Box can be used as a proxy to get full access to the web, bypassing my IPCOP rules.

What should I do in squid.conf to avoid this? Allow only web access from the SME LAN IP address?
Title: Avoiding using SME as proxy server
Post by: cc_skavenger on June 20, 2005, 10:33:00 PM
If traffic does not go through the SME server, turn off squid.

Just an idea.
Title: Avoiding using SME as proxy server
Post by: albatroz on June 20, 2005, 10:39:43 PM
But without squid, the SME Box may work as a NAT device... or am I wrong?
Title: Avoiding using SME as proxy server
Post by: cc_skavenger on June 21, 2005, 03:37:36 AM
OK, you can bypass squid and still allow traffic with these commands:

/sbin/e-smith/db configuration setprop squid Transparent no
/sbin/e-smith/signal-event remoteaccess-update


This should tell SME not to pass things through squid. Then you can turn off the squid service with /etc/rc.d/init.d/squid stop so that no one can use port 3128 to proxy.

HTH
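
A check one might run after the commands in the thread, added here as an example and not part of the original posts: it reads `netstat -ltn` output and lists any listener on the proxy port that is bound to a non-loopback address. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners on the proxy port that are reachable from
# the network, i.e. bound to anything other than loopback.
# Live usage:  netstat -ltn | exposed_listeners 3128

# Constructed sample: squid still running and bound to all interfaces.
SAMPLE_BEFORE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

# Constructed sample: after the squid service has been stopped.
SAMPLE_AFTER='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

# Print the local address of every non-loopback listener on the given port
# (default 3128). Reads netstat -ltn style lines on stdin.
exposed_listeners() {
    port="${1:-3128}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")      # port is the last ":" field
            p = parts[n]
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p != port) next
            if (host == "127.0.0.1" || host == "::1") next
            print addr
        }'
}

# Succeeds (exit 0) only when nothing off-loopback listens on the port.
proxy_closed() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demonstration on the constructed samples.
for name in BEFORE AFTER; do
    eval "listing=\$SAMPLE_$name"
    if printf '%s\n' "$listing" | proxy_closed 3128; then
        echo "$name: port 3128 is not exposed"
    else
        echo "$name: port 3128 is exposed"
    fi
done
```

Running the same check again after a reboot shows whether the service has come back.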