[SUCS Devel] [Git][sucs/sucs][master] Don't force stuff going to our own webserver from ourselves through the proxy
Imran Hussain
imranh at sucs.org
Tue May 1 19:30:15 BST 2018
Imran Hussain pushed to branch master at sucs / SUCS
Commits:
e364c11a by Imran Hussain at 2018-05-01T19:29:36+01:00
Don't force stuff going to our own webserver from ourselves through the proxy
- - - - -
1 changed file:
- ansible/roles/sucs-firewall/templates/firewall-rules
Changes:
=====================================
ansible/roles/sucs-firewall/templates/firewall-rules
=====================================
--- a/ansible/roles/sucs-firewall/templates/firewall-rules
+++ b/ansible/roles/sucs-firewall/templates/firewall-rules
@@ -518,7 +518,7 @@ $IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp -
$IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp --dport 80 -j DNAT --to 137.44.10.63
# Rest of Transparent Proxy
-$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
+$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX ! -d $NET_INSIDE -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
# pptp vpns
$IPT -A FORWARD -i $INTERFACE_GUEST -p 47 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
View it on GitLab: https://projects.sucs.org/sucs/sucs/commit/e364c11a4bbf32206358ca3f8692c2204fab99eb
---
View it on GitLab: https://projects.sucs.org/sucs/sucs/commit/e364c11a4bbf32206358ca3f8692c2204fab99eb
You're receiving this email because of your account on projects.sucs.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sucs.org/pipermail/devel/attachments/20180501/224fe762/attachment.html>
More information about the Devel
mailing list