On Thu, Mar 13, 2008 at 12:43 PM, Agnello George agnello.dsouza@gmail.com wrote:
This was the suggestion from another forum, which helped me solve my issue!!
###################################################
The security risk is not any individual accessing your proxy, it's the proxy itself. *THAT* is what needs looking at.
Could you explain that a bit?
However, you can deny access to the proxy to anyone not in 192.168.0.0/24 with this iptables rule - assuming your proxy is on port 3128:
Well, how would someone from the outside connect to your proxy? You were concerned about public IPs like 202.*. How can they connect to port 3128 of your proxy? Public IP? NAT? How?
# iptables -I INPUT 1 -p tcp ! -s 192.168.0.0/24 --dport 3128 -j DROP
That's fine. But in your logs, the public IPs were all destination IPs. Do they disappear after implementing the above rule? I don't think so.
Regards, NMK.
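
The source-versus-destination distinction raised in the reply above can be checked directly against the proxy log. The following is an added example, not part of the original thread: it assumes the proxy is Squid writing its native access.log layout (the thread only gives port 3128), and the log lines are constructed with documentation addresses.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN range quoted in the thread

# Constructed sample lines, assumed Squid native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1205395980.101 120 192.168.0.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1205395981.202 80 192.168.0.22 TCP_MISS/200 900 GET http://example.org/a - DIRECT/198.51.100.7 text/html
1205395982.303 45 203.0.113.77 TCP_MISS/200 700 GET http://example.net/ - DIRECT/198.51.100.9 text/html
1205395983.404 5 192.168.0.15 TCP_HIT/200 300 GET http://example.com/logo.png - NONE/- image/png
"""


def parse_line(line):
    """Return (client_ip, destination_ip_or_None), or None if unparseable."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        client = ipaddress.ip_address(fields[2])
    except ValueError:
        return None  # client logged as a hostname or garbage
    peer = fields[8].partition("/")[2]  # "DIRECT/203.0.113.10" -> address part
    try:
        dest = ipaddress.ip_address(peer)
    except ValueError:
        dest = None  # cache hit ("-") or peer logged by name
    return client, dest


def classify(log_text, lan=LAN):
    """Separate requests from outside clients from normal outbound fetches."""
    report = {"outside_clients": [], "public_destinations": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, dest = parsed
        if client not in lan:
            # Source is outside the LAN: this is what the DROP rule blocks.
            report["outside_clients"].append(str(client))
        elif dest is not None and dest not in lan:
            # LAN client fetching a public site: unaffected by a source filter.
            report["public_destinations"].append(str(dest))
    return report


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

Entries under `public_destinations` keep appearing after the rule is in place, because they are the proxy's own outbound fetches for LAN clients; only `outside_clients` entries indicate the proxy is reachable from outside.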