Transparent proxy security

ilias
Lance Naik
Posts: 42
Joined: Tue Jul 05, 2005 9:18 pm

Transparent proxy security

Post by ilias »

Hi all <-> Ricky

I successfully configured a Squid transparent proxy. This happened 3 months back.

Now I am facing some problems. My Squid server IP has been included in a blacklist, stating that someone is using my IP for spamming. So my clients are not able to send mail or browse certain servers.

Now what do I have to do? What security tuning has to be done? I am posting the transparent proxy script which I have written in rc.nat.

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface eth1 -j ACCEPT

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo 1 > /proc/sys/net/ipv4/ip_forward

And I have opened SSH port 22 for remote access. Do I need to block that?
If so, how can I allow it for a particular IP, say 61.9.89.2?

I need help desperately
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear ilias,
Salam,

This rule should work!!

# iptables -I INPUT -s 61.9.89.2 -p tcp --dport 22 -j ACCEPT

Best Regards.
Farrukh Ahmed
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

One thing you can do is block outgoing SMTP. Make the users use your mail server for outgoing mail.
AsadRasheed
Battalion Quarter Master Havaldaar
Posts: 228
Joined: Fri Jan 28, 2005 6:23 pm
Location: Karachi

salam

Post by AsadRasheed »

Dear ilias,

Looks like someone found an open proxy, or maybe some guy in your network is spamming from it.
Just allow your network to use Squid and block all other access to your Squid server.

Regards,
M Asad Rasheed
registered linux user #394856
http://www.bsdpakistan.org
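
The three suggestions in the replies above (SSH from one address, no direct outgoing SMTP, Squid reachable from the LAN only) combined with the original rc.nat rules, as an added example that is not part of the original thread. The LAN range, the mail relay address, the `DRY_RUN` switch and the function names `ipt` and `harden` are assumptions made for illustration; the script assumes it runs at boot on empty chains.

```shell
#!/bin/sh
# Added example: the thread's rc.nat with the three replies applied.
# Assumed values (not from the thread): LAN range and mail relay address.
LAN_IF=eth1                 # inside interface, as in the original script
WAN_IF=eth0                 # outside interface, as in the original script
LAN_NET=192.168.1.0/24      # assumption: the clients' subnet
MAIL_RELAY=192.168.1.10     # assumption: the one host allowed to send SMTP
ADMIN_IP=61.9.89.2          # SSH source address named in the thread
DRY_RUN=${DRY_RUN:-1}       # 1 = print the rules, 0 = apply them (needs root)

ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

harden() {
    # NAT and interception, unchanged from the original rc.nat.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-port 3128

    # Keep local processes working before any drop rule is added.
    ipt -A INPUT -i lo -j ACCEPT

    # Squid: redirected traffic arrives on INPUT with dport 3128.
    # Accept it from the LAN only; every other source is dropped.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 3128 -j ACCEPT
    ipt -A INPUT -p tcp --dport 3128 -j DROP

    # SSH: one admin address, nothing else.
    ipt -A INPUT -s "$ADMIN_IP" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -j DROP

    # Outgoing SMTP: only the mail relay may reach port 25 outside.
    # These must come before the general FORWARD accept below.
    ipt -A FORWARD -i "$LAN_IF" -s "$MAIL_RELAY" -p tcp --dport 25 -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -p tcp --dport 25 -j REJECT --reject-with tcp-reset
    ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
}

harden
if [ "$DRY_RUN" != 1 ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
```

Squid's own `http_access` rules should enforce the same LAN-only policy, so the proxy stays closed even if the firewall rules are flushed.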