Re: Tunneling server for http and https traffic

On 21 May, 16:23, Tauno Voipio <tauno.voi...@xxxxxxxxxxxxx> wrote:
magnus.morab...@xxxxxxxxx wrote:
Hi there,

I have a linux machine which is routed via eth0 to "network A" and via
eth1 to "networkB".

I wish for clients in "network A" to access content on a webserver
located in "network B".

The protocols I wish to support are Http (80) and Https (443).

Firewalls exist between my linux machine and networks A, and between
my linux machine and network B.

I have added networks A and B to my linux machine's routing table and
I can now ping from a machine in network A to the linux machine, and
from the linux machine to the web server on network B.

The firewalls are configured to only accept traffic via port 80 and

So my question is, how do I connect network A and B? I have installed
squid on the linux machine and it is my understanding that if I
configure it as a tunneling server, listening on ports 80 and 443,
that this will achieve what I'm after. Is this correct?

BTW, I am not interested in doing any kind of caching with squid. The
version of squid I have is version 2.5.STABLE.

At the moment the only configuring of squid that I have done is to
have it listen on port 80. When I telnet to the linux machine on port
80 from a machine in network A, I am receiving a squid generated web

Any advice or suggestions are welcome,

Thanks for your help,


You can do the requested functions without Squid by
using iptables to allow IP forwarding for TCP ports
80 and 443 only and disallowing others. You have to
remember to turn IP forwarding on after setting up
the firewall rules.

Documentation for setting up the filters are to be
found at <>. There is more
than you'll need.


Tauno Voipio
tauno voipio (at) iki fi

Thanks very much for that tip! Would the following code achieve what
I'm after, ignoring the fact that it will allow all TCP ports?



# delete all existing rules.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and new ones not coming from network B
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
# Replies from network B back to network A (the posted line was cut off
# after "--state"; state list and target are assumed to match the INPUT rule)
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from network A
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Don't forward new connections from network B to network A
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

# Enable routing (only after the rules above are in place).
echo 1 > /proc/sys/net/ipv4/ip_forward
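Tauno's suggestion carried through as an added example (not either poster's code): the same dual-homed layout, but with default-deny policies and forwarding limited to new TCP connections to ports 80 and 443 from network A to network B, the restriction the script above skips. The interface names and the IPT variable (set to echo for a dry run that only prints the rules) are assumptions.

```shell
#!/bin/sh
# Assumed layout: eth0 faces network A (clients), eth1 faces network B (web server).
# IPT=echo prints the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"
A_IF="${A_IF:-eth0}"
B_IF="${B_IF:-eth1}"

fw_apply() {
    # start from a clean slate
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    # default deny: every permitted flow is listed explicitly below
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # the box itself: loopback and replies to connections it opened
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # A -> B: only brand-new TCP connections to the two web ports
    for port in 80 443; do
        $IPT -A FORWARD -i "$A_IF" -o "$B_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # B -> A: only packets belonging to connections admitted above
    $IPT -A FORWARD -i "$B_IF" -o "$A_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # everything else crossing the box hits the DROP policy; log it first for visibility
    $IPT -A FORWARD -j LOG --log-prefix "fwd-denied: "
}

fw_enable_forwarding() {
    # turn routing on only after the filter is loaded
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

if [ "${1:-}" = "apply" ]; then
    fw_apply
    fw_enable_forwarding
fi
```

Run with `IPT=echo sh fw.sh apply` to review the generated rules before loading them for real.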