colonialiu20 asked:

Yahoo mail affected by new Linux Firewall w/ web filter

I recently implemented a transparent proxy running Fedora Core 5 and Dansguardian for web filtering purposes.
Not knowing much about iptables, through a mix of resources and EE advice, I used the following for Internet traffic to be allowed through, and for traffic to be redirected to the Dansguardian filter:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE   # eth1 is the NIC connected to the wireless router
iptables -A FORWARD -i eth0 -j ACCEPT   # eth0 is the NIC connected to your LAN, i.e. your laptop
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080
/etc/init.d/iptables save

It works just fine.
I have one user on the simple network having problems with Yahoo Mail.  When they log in with this network the colors are gone, the text is jumbled everywhere, and much of the functionality is not working.  In effect their email is unusable in this network. It works fine elsewhere.

It was recommended that maybe Yahoo was using a port I didn't have open, BUT I believe the above iptable command allows all outbound ports.  I want to fix that too but first things first.

I can't find a reference to Yahoo using a special port.  All other web-based and POP3 mail works perfectly fine.
mail.yahoo.com is whitelisted with regard to the filter.

If someone thinks I need to make iptables changes please provide commands, as I haven't figured that aspect out yet.

Explanations and step by step directions are appreciated.
noci

To find out what traffic passes you can use tcpdump, ethereal, wireshark
and similar packet sniffers.

Use it like

tcpdump -ni eth0 host ip.ad.dr.es

and use the right IP address in place of ip.ad.dr.es,
then try to access Yahoo; that will tell you what ports are used.
If Yahoo uses port 80, then your proxy might also have an impact.

BTW, all outside->inside access to port 80 is also redirected to port 8080;
I don't know if it was meant that way.
And indeed if that's all you did to the iptables rules then you don't block any
traffic. (dansguardian).
colonialiu20 (ASKER)

Well, the problem was resolved.  It just took a day for me to walk away from it, and of course it was simple.  Apparently ALL of the graphics in the mail.yahoo.com site are located in the 'yimg.com' domain, which was blocked.  After whitelisting that site it all works fine.

I will likely have actual iptables troubles in the near future, as I obviously need the firewall locked down.  For now there is at least a router sitting between the Linux box and the outside world to protect incoming traffic.
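
The cause found above, as an added example that is not part of the original thread: a page can come from a whitelisted host while its stylesheets, scripts and images come from another domain the filter still blocks. The sketch below lists the hosts a page's embedded resources load from and reports those not covered by the filter's exception list. The sample HTML and host names in it are constructed, and matching a list entry against the host and its subdomains is an assumption about how the filter compares entries.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, standing in for what a webmail front end might serve.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://us.yimg.com/lib/mail.css">
<script src="http://us.yimg.com/lib/mail.js"></script>
</head><body>
<img src="/images/logo.gif">
<img src="http://us.yimg.com/i/inbox.gif">
<a href="http://example.org/help">Help</a>
</body></html>
"""

class ResourceHosts(HTMLParser):
    """Collect hosts the browser fetches on its own (not links the user clicks)."""
    FETCHED = {("img", "src"), ("script", "src"), ("link", "href"), ("iframe", "src")}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in self.FETCHED:
                # Resolve relative URLs against the page before taking the host.
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host.lower())

def covered(host, exceptions):
    """True if host equals a list entry or is a subdomain of one (assumed rule)."""
    return any(host == e or host.endswith("." + e) for e in exceptions)

def uncovered_hosts(html, page_url, exceptions):
    """Return the resource hosts that the exception list does not cover, sorted."""
    parser = ResourceHosts(page_url)
    parser.feed(html)
    return sorted(h for h in parser.hosts if not covered(h, exceptions))

if __name__ == "__main__":
    missing = uncovered_hosts(SAMPLE_HTML, "http://mail.yahoo.com/", {"mail.yahoo.com"})
    print("hosts not covered by the exception list:", missing)
```

Run against a saved copy of the broken page, the hosts it reports are the ones to look for in the filter's denied-request log.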