However, you can deny access to the proxy to anyone not in 192.168.0.0/24 with this iptables rule - assuming your proxy is on port 3128:
Well, how would someone from the outside connect to your proxy? You were concerned about public IPs like 202.*. How can they connect to port 3128 of your proxy? Public IP? NAT? How?
Below are the logs I received in my log file before I added the new rule:

1205406926.780 6 219.254.32.113 TCP_DENIED/403 4197 CONNECT 203.141.160.33:25 - NONE/- text/html
1205406926.812 1680 124.115.0.175 TCP_MISS/200 21162 GET http://www.soso.com/q? - DIRECT/60.28.232.146 text/html
1205406926.900 575 89.149.242.226 TCP_MISS/200 894 POST http://www.glookle.com/usr/proxy/checker5/check.php - DIRECT/89.149.242.226 text/html
1205406927.017 852 71.228.204.50 TCP_MISS/999 5104 GET http://n2.login.scd.yahoo.com/config/pwtoken_get? - DIRECT/209.73.168.34 text/html

After I added the rule ( iptables -I INPUT 1 -s ! 192.168.0.0/24 -p tcp --dport 3128 -j DROP )
I only get the following logs ( which look OK :) ):

9 text/html
1205418879.760 29983 192.168.0.250 TCP_MISS/200 892 GET http://b.mail.google.com/a/eadroit.com/channel/bind? - DIRECT/209.85.201.189 text/html
1205418879.998 705 192.168.0.73 TCP_MISS/200 462 GET http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html
1205418880.217 577 192.168.0.74 TCP_MISS/200 562 POST http://www.hostv.com/livehelp/include/status.php - DIRECT/209.123.178.244 text/html
1205418880.942 587 192.168.0.170 TCP_MISS/200 485 GET http://livehelp.qualispace.com/pull/traffic.php? - DIRECT/67.15.197.19 text/html
1205418881.789 595 192.168.0.248 TCP_MISS/200 462 GET http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html
1205418882.056 593 192.168.0.151 TCP_MISS/200 462 GET http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html
Do they disappear after implementing the above rule?
yep it did
Regards, NMK. --
Agnello
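Added example, not code from anyone in the thread: a small Python check over Squid native-format access.log entries that reports every client address outside 192.168.0.0/24, the same condition the iptables rule above enforces at the packet level, so you can confirm from the log itself that outside clients stopped reaching port 3128. The allowed-network list and the function names are my own assumptions; the sample entries are copied from the thread, including the truncated "9 text/html" fragment, which the parser skips.

```python
import ipaddress
from dataclasses import dataclass

# Assumed permitted source range, matching the rule discussed in the thread.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/24")]


@dataclass
class Entry:
    timestamp: float
    client: str
    result: str   # e.g. TCP_MISS/200
    method: str
    url: str


def parse_line(line):
    """Parse one Squid native-format access.log entry.

    Field order: time elapsed client result/status bytes method URL ident hierarchy/peer type.
    Raises ValueError for fragments that do not carry all ten fields.
    """
    f = line.split()
    if len(f) < 10:
        raise ValueError("not a complete access.log entry: %r" % line)
    return Entry(timestamp=float(f[0]), client=f[2], result=f[3], method=f[5], url=f[6])


def is_allowed(client, nets=ALLOWED_NETS):
    """True when the client address falls inside one of the permitted networks."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)


def find_external_clients(lines, nets=ALLOWED_NETS):
    """Return (client, method, url) for every entry whose client is outside `nets`.

    Incomplete lines (such as a fragment cut off at the start of a log excerpt) are skipped.
    """
    hits = []
    for line in lines:
        try:
            entry = parse_line(line)
        except ValueError:
            continue
        if not is_allowed(entry.client, nets):
            hits.append((entry.client, entry.method, entry.url))
    return hits


# Sample entries copied from the thread (before and after the rule), plus the truncated fragment.
BEFORE_RULE = [
    "1205406926.780 6 219.254.32.113 TCP_DENIED/403 4197 CONNECT 203.141.160.33:25 - NONE/- text/html",
    "1205406926.812 1680 124.115.0.175 TCP_MISS/200 21162 GET http://www.soso.com/q? - DIRECT/60.28.232.146 text/html",
]
AFTER_RULE = [
    "9 text/html",
    "1205418879.760 29983 192.168.0.250 TCP_MISS/200 892 GET http://b.mail.google.com/a/eadroit.com/channel/bind? - DIRECT/209.85.201.189 text/html",
    "1205418879.998 705 192.168.0.73 TCP_MISS/200 462 GET http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html",
]

if __name__ == "__main__":
    for label, lines in (("before", BEFORE_RULE), ("after", AFTER_RULE)):
        print(label, find_external_clients(lines))
```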