[ale] NAT proxy mystery
Jonathan Glass
jonathan.glass at ibb.gatech.edu
Thu Aug 15 09:18:02 EDT 2002
Are you running squid? If so, did you change the squid's IP address in
squid.conf? Had this same problem when I rolled a client from ISP to
another, and that danged squid IP was the culprit.
Jonathan
At 09:26 AM 8/15/2002 -0400, Michael Barker wrote:
>I have a server that I set up and admin on volunteer basis that has recently
>lost transparent proxy functionality. Everything was fine until this and the
>last thing in the squid log was a connection to a quake server in the UK.
>
>Is there an exploit for proxy hijacking that I'm not aware of? If so or not
>can someone give me a clue on where to start resolving this proxy problem.
>
>/etc/rc.d/init.d> # ./iptables status shows that my prerouting rule is loaded.
>
> > # netstat -a shows listen on 80 and 3128
>
> > # ifconfig shows both nic cards
>
>Nothing has changed in the other firewall rules.
>
>This is a gateway on a DSL modem at eth0 and the inside network on eth1.
>
>The PREROUTING rule is as follows:
>
>iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port
>3128
>
>Recently DNS has changed at the provider in that the ip address no longer
>matches the name, but IE on the inside can't get sites with ip address.
>
>All help is greatly appreciated in advance.
>
>Michael E. Barker
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>sent to listmaster at ale dot org.
Jonathan Glass, RHCE, Linux+, Network+, A+, MCP
Systems Support Specialist II
Institute for Bioengineering and Bioscience/BME
Georgia Institute of Technology
Voice: 404-385-0127
E-mail: jonathan.glass at ibb.gatech.edu
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list