
On my local network I have to set up Linux Ubuntu boxes so that users will be able to access only a few (2-3) domains. Also, all of those Ubuntu boxes are behind a proxy.

I tried to configure this using Firestarter, but I did not manage it after several hours of attempts.

Most of the time I was either able to access all of the Internet, or none of it at all; in Firefox I was getting the message:

The proxy server is refusing connections.

The IP address of the proxy server is 192.168.21.155.

What I tried with Firestarter is to define the outbound traffic policy as Restrictive by default => whitelist traffic => Allow connections to host: 192.168.21.155, plus several IP addresses I want to give access to. But no luck; all of the websites were blocked in this case.

I also tried to allow the DNS service (port 53) and Http-alt (port 8080) to the several IP addresses I want to give access to.

But I did not manage it.

Also, I removed UFW (Uncomplicated Firewall) with all of its definitions, and in iptables I have no rules defined.

Can you please help me with how to configure the firewall in this case?

BuZZ-dEE
user52869
  • Firewall and proxy are 2 different things. It looks like the proxy itself is refusing connections, based on that output you pasted above. You can check the proxy rules first, to see if it's working. Then configure your firewall afterwards. – Marky Mar 05 '13 at 15:43
  • Yes, I know that they are separate things. Everything works well if the firewall (Firestarter in this case) is stopped. I need help with how to configure Firestarter so that with that configuration I am able to access only several IP addresses. – user52869 Mar 05 '13 at 16:02
  • I just did a quick test. I installed Firestarter and added one rule to allow only incoming connections from the proxy IP and outgoing connections to the same IP (restrictive, like you said). Nothing else, not even configuring which ports are allowed. It works. All other apps that need to connect directly are blocked. Only my browser, which I've configured to use the proxy, can connect. – Marky Mar 05 '13 at 17:07
  • My iptables is a bit rusty. It's been years since I've touched this, but do check with `iptables -nL`. Basically, IIRC it should look like this: since you are whitelisting IPs, the default rules are to DROP all INPUT, OUTPUT and FORWARD. Then allow all INPUT and OUTPUT if the source/destination interface is local. Now create a rule (or rules) to specifically allow connections to X IP @ Y PORT @ what STATE. – Marky Mar 05 '13 at 17:24
  • @Marky - the funny thing about working with Firestarter is that in some cases I was able to create a proper configuration, I restarted the network and disabled/enabled Firestarter, and everything was working well, as it should, for a few minutes. After that, either everything stopped (no proxy to be found), or I had access to all Internet sites. Could that happen in your case also? – user52869 Mar 05 '13 at 17:30
  • @Marky one more thing - I need to have access to only a few websites, not to all of them. – user52869 Mar 05 '13 at 17:32
  • Looks like the problem occurred because I tried to access using a domain name, but I did not allow access to the DNS server. Will try, and post the results! – user52869 Mar 05 '13 at 17:44
  • Not in my case. It does not stop working. Check the Firestarter settings to reimplement the rules on start/stop of the app/network. There should be something like that. For specific website access, it should be defined in your proxy rules. Note that you may have to also configure both HTTP and HTTPS access, as each uses a different port. For access to specific IPs other than HTTP, for example to allow SSH inbound/outbound from X IP only, specify it in your firewall. – Marky Mar 05 '13 at 18:07
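The rule layout Marky sketches in the comments (DROP policies, loopback allowed, then explicit whitelist entries for the proxy, DNS and the few direct hosts) can be written out as plain iptables commands instead of going through the Firestarter UI. The script below is an added example and is not code from the question, the comments or the Firestarter project. It assumes the proxy from the question at 192.168.21.155 on port 8080 (the Http-alt port the asker tried); the DNS server address 192.168.21.1 and the two direct hosts 10.0.0.5 and 10.0.0.6 are hypothetical placeholders to be replaced with the real values. It prints the rules rather than applying them, so the policy can be reviewed first and then piped to `sudo sh`.

```shell
#!/bin/sh
# Added example (not from the original page): generate an iptables whitelist
# policy for an Ubuntu client that reaches the web only through an HTTP proxy.
# 192.168.21.155:8080 is the proxy from the question; DNS_IP and DIRECT_HOSTS
# are hypothetical placeholders for this example.

PROXY_IP="192.168.21.155"
PROXY_PORT="8080"
DNS_IP="192.168.21.1"               # hypothetical: your real resolver goes here
DIRECT_HOSTS="10.0.0.5 10.0.0.6"    # hypothetical: the few hosts reachable without the proxy

# Print the rules instead of running them, so they can be reviewed before
# being applied as root.  Usage: gen_rules | sudo sh
gen_rules() {
cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# loopback is always allowed (local services, the resolver cache, X11 sockets)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# replies to connections this box opened; without this the proxy's answers are
# dropped and the browser reports the proxy as "refusing connections"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the proxy socket: every HTTP and HTTPS request from the browser goes here
iptables -A OUTPUT -d $PROXY_IP -p tcp --dport $PROXY_PORT -m conntrack --ctstate NEW -j ACCEPT
# DNS: needed for any name the box resolves itself (e.g. the direct hosts)
iptables -A OUTPUT -d $DNS_IP -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -d $DNS_IP -p tcp --dport 53 -j ACCEPT
EOF
    # hosts that may be reached directly, any protocol, new connections only
    for h in $DIRECT_HOSTS; do
        echo "iptables -A OUTPUT -d $h -m conntrack --ctstate NEW -j ACCEPT"
    done
    # log what the DROP policy is about to discard, so a blocked destination shows
    # up in the kernel log instead of looking like a proxy failure
    echo "iptables -A OUTPUT -j LOG --log-prefix 'OUTPUT-DROP: ' --log-level 4"
}

# Offline check of the generated policy: a TCP/UDP destination counts as allowed
# only if some ACCEPT rule names both the address and the port.  Does not touch
# the kernel, so it can run without root.
rule_allows() {  # rule_allows <ip> <port>
    gen_rules | grep -q -- "-d $1 .*--dport $2 .*-j ACCEPT"
}
```

Two caveats a practitioner would add. First, these rules filter by destination IP only; restricting users to two or three domains is the proxy's job (an ACL on the proxy), exactly as Marky says, and the firewall's role is just to make sure nothing bypasses the proxy. Second, this is IPv4 only; if the boxes have IPv6 connectivity, the same policy must be applied with ip6tables or traffic will simply leave over v6. Apply the script instead of Firestarter, not alongside it, since both write the same filter chains and whichever runs last wins.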
