[SUCS Devel] [Git][sucs/sucs][master] Don't force stuff going to our own webserver from ourselves through the proxy

Imran Hussain imranh at sucs.org
Tue May 1 19:30:15 BST 2018


Imran Hussain pushed to branch master at sucs / SUCS


Commits:
e364c11a by Imran Hussain at 2018-05-01T19:29:36+01:00
Don't force stuff going to our own webserver from ourselves through the proxy

- - - - -


1 changed file:

- ansible/roles/sucs-firewall/templates/firewall-rules


Changes:

=====================================
ansible/roles/sucs-firewall/templates/firewall-rules
=====================================
--- a/ansible/roles/sucs-firewall/templates/firewall-rules
+++ b/ansible/roles/sucs-firewall/templates/firewall-rules
@@ -518,7 +518,7 @@ $IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp -
 $IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp --dport 80 -j DNAT --to 137.44.10.63
 
 # Rest of Transparent Proxy
-$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
+$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX ! -d $NET_INSIDE -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
 
 # pptp vpns
 $IPT -A FORWARD -i $INTERFACE_GUEST -p 47 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT



View it on GitLab: https://projects.sucs.org/sucs/sucs/commit/e364c11a4bbf32206358ca3f8692c2204fab99eb

---
View it on GitLab: https://projects.sucs.org/sucs/sucs/commit/e364c11a4bbf32206358ca3f8692c2204fab99eb
You're receiving this email because of your account on projects.sucs.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sucs.org/pipermail/devel/attachments/20180501/224fe762/attachment.html>


More information about the Devel mailing list