Set up a secure web proxy using SSL encryption

Hi All,

I followed the steps in this tutorial:

http://www.jeffyestrumskas.com/index.php/how-to-setup-a-secure-web-proxy-using-ssl-encryption-squid-caching-proxy-and-pam-authentication/

on how to configure a connection to squid through stunnel, but I'm using CentOS 5 and the iptables line doesn't work, and neither does chown nobody.nobody /var/run/stunnel.

Does anyone have any idea? I only get a white screen when I try to connect, and here is the log of the stunnel client:

2011.04.09 00:58:55 LOG5[7148:6052]: Service proxy accepted connection from 127.0.0.1:63142
2011.04.09 00:58:55 LOG3[7148:6052]: SSL_accept: 1407609C: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
2011.04.09 00:58:55 LOG5[7148:6052]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
luis_chiang asked:
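The third log line above, SSL_accept failing with SSL23_GET_CLIENT_HELLO:http request, is what OpenSSL reports when a TLS server socket receives a plaintext HTTP request (a "GET http://..." or similar) instead of a ClientHello, and stunnel only calls SSL_accept() for a service that is not in client mode. As an added example (not code from the thread or from the linked tutorial), below are a constructed server-side and client-side stunnel.conf for a squid-behind-stunnel setup, the client config with the mode left at its default beside them, and a small shell/awk check that prints the effective "client" setting of a named service. The host name proxy.example.net, the file paths and the use of port 8080 are assumptions.

```shell
#!/bin/sh
# SSL23_GET_CLIENT_HELLO:http request from SSL_accept() means the stunnel
# service that the browser connects to is in server mode and received a
# plaintext HTTP request. The stunnel on the browser's machine needs
# "client = yes"; the one next to squid keeps the default "client = no".
# All three configs below are constructed for this example; host names,
# paths and the port are assumptions.

# Server side (next to squid): terminates TLS on 8080, forwards to squid on 3128.
SERVER_CONF='cert = /etc/stunnel/stunnel.pem
key  = /etc/stunnel/stunnel.pem
pid  = /var/run/stunnel/stunnel.pid
setuid = nobody
setgid = nobody

[proxy]
accept  = 8080
connect = 127.0.0.1:3128'

# Client side (browser machine): the browser's proxy is 127.0.0.1:8080 and
# stunnel wraps that traffic in TLS towards the server.
CLIENT_CONF='client = yes
pid = /var/run/stunnel/stunnel.pid

[proxy]
accept  = 127.0.0.1:8080
connect = proxy.example.net:8080'

# The same client config with "client" omitted (default: no). The browser's
# plaintext request then reaches SSL_accept(), which is the error in the log.
BROKEN_CLIENT_CONF='pid = /var/run/stunnel/stunnel.pid

[proxy]
accept  = 127.0.0.1:8080
connect = proxy.example.net:8080'

# stunnel_client_mode CONFIG_TEXT SERVICE: prints the effective "client" value
# for [SERVICE]. A setting inside the section overrides a global one placed
# before the first section; stunnel's default is "no".
stunnel_client_mode() {
    printf '%s\n' "$1" | awk -v svc="$2" '
    BEGIN { section = ""; mode = "no" }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }                 # comment or blank line
    /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key == "client" && (section == "" || section == svc))
            mode = tolower(val)
    }
    END { print mode }'
}

# stunnel_check_client CONFIG_TEXT SERVICE: exit 0 if the service runs as a
# TLS client, 1 if it would call SSL_accept() on whatever the browser sends.
stunnel_check_client() {
    [ "$(stunnel_client_mode "$1" "$2")" = yes ]
}

stunnel_check_client "$CLIENT_CONF" proxy && echo "CLIENT_CONF: TLS client, OK"
stunnel_check_client "$BROKEN_CLIENT_CONF" proxy || \
    echo "BROKEN_CLIENT_CONF: server mode, browser connections will fail in SSL_accept"
```

Run it against the stunnel.conf actually deployed on the browser machine (for example `stunnel_check_client "$(cat /etc/stunnel/stunnel.conf)" proxy`); the service name is the one stunnel prints in the log line "Service proxy accepted connection".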
Blaz commented:
Two things:
- you are missing the double hyphen in front of state NEW: "--state NEW"

- you don't have the default chains (webmin changed them) - you should use the INPUT chain instead of RH-Firewall-1-INPUT, so:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

You might try adding this rule via webmin, to make sure it will not be deleted in the future. You only need to set tcp, port 8080. The state NEW part of the rule is not so important.
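As an added example (not code from the thread or from the linked tutorial), a small shell/awk linter that runs over an iptables-save style file such as /etc/sysconfig/iptables and reports the three things this thread turns on: a line that is neither a rule, a chain declaration, a table header nor COMMIT (iptables-restore rejects the file at the first such line, and the file posted below starts with a bare ACCEPT on line 1), a long option written with a single hyphen such as -state or -dport, and a rule appended to a chain the file never declares, such as RH-Firewall-1-INPUT in a file webmin has regenerated. The sample rules file is constructed from the one posted in the thread, with the tutorial's rule appended as it was typed.

```shell
#!/bin/sh
# Lint an iptables-save/iptables-restore file for the three problems in this
# thread: a stray line that is not a rule, a long option with a single hyphen
# (-state, -dport), and a rule appended to a chain the file never declares
# (RH-Firewall-1-INPUT after webmin regenerated /etc/sysconfig/iptables).

# Constructed sample: a trimmed copy of the posted webmin file, with the
# tutorial's rule appended exactly as it was typed in the thread.
SAMPLE_RULES='ACCEPT
# Generated by webmin
*filter
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
-A RH-Firewall-1-INPUT -m state -state NEW -m tcp -p tcp -dport 8080 -j ACCEPT
COMMIT
# Completed
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Constructed corrected file: stray line removed, INPUT chain, double hyphens.
FIXED_RULES='# Generated by webmin
*filter
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
COMMIT
# Completed'

# lint_iptables_file FILE: one finding per line on stdout, exit 1 if any.
lint_iptables_file() {
    awk '
    BEGIN {
        # chains every table provides without a ":CHAIN" declaration
        split("INPUT OUTPUT FORWARD PREROUTING POSTROUTING", b, " ")
        for (i in b) builtin[b[i]] = 1
        findings = 0
    }
    /^#/ || /^[ \t]*$/ { next }                 # comment or blank line
    /^\*/ { table = substr($0, 2); split("", declared); next }   # *filter, *nat ...
    /^:/ { declared[substr($1, 2)] = 1; next }  # :CHAIN POLICY [pkts:bytes]
    $0 == "COMMIT" { next }
    $1 == "-N" { declared[$2] = 1; next }       # hand-written chain creation
    $1 == "-P" { next }                         # hand-written default policy
    $1 !~ /^-[AIDR]$/ {
        printf("line %d: not a rule, chain, table or COMMIT: %s\n", NR, $0)
        findings++; next
    }
    {
        if (!($2 in builtin) && !($2 in declared)) {
            printf("line %d: chain %s is not declared in table %s\n", NR, $2, table)
            findings++
        }
        # a single hyphen followed by a word is a long option missing its second hyphen
        for (i = 3; i <= NF; i++)
            if ($i ~ /^-[a-z][a-z-]+$/) {
                printf("line %d: %s needs a double hyphen (--%s)\n", NR, $i, substr($i, 2))
                findings++
            }
    }
    END { exit (findings > 0) }' "$1"
}

# lint_rules_text TEXT: the same check on an inline string (used for the samples).
lint_rules_text() {
    _f=$(mktemp) || return 2
    printf '%s\n' "$1" > "$_f"
    lint_iptables_file "$_f"
    _rc=$?
    rm -f "$_f"
    return $_rc
}

lint_rules_text "$SAMPLE_RULES" || echo "SAMPLE_RULES: iptables-restore would reject this file"
lint_rules_text "$FIXED_RULES" && echo "FIXED_RULES: clean"
```

On a live box, `lint_iptables_file /etc/sysconfig/iptables` before `service iptables restart` catches the same mistakes that iptables-restore only reports as "line N failed"; the linter deliberately does not touch the running firewall.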
 
Blaz commented:
> -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT

This is a valid iptables command - the chain "RH-Firewall-1-INPUT" is non-standard but should be available in CentOS unless you have configured custom rules and chains - in that case replace only the chain part of the rule. What error does it report?

> chown nobody.nobody /var/run/stunnel

Again this is a valid command in CentOS (works for me). What error does it report?
 
luis_chiang (author) commented:
Hi,

Thanks for your reply, here is the output:

[root@xs1 ~]# iptables -A RH-Firewall-1-INPUT -m state -state NEW -m tcp -p tcp -dport 8080 -j ACCEPT
Bad argument `NEW'
Try `iptables -h' or 'iptables --help' for more information.

and if I write it in the file I get:

[root@xs1 ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat mangle filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed
                                                           [FAILED]

And my iptables file is:

[root@xs1 ~]# more /etc/sysconfig/iptables
ACCEPT
# Generated by webmin
*filter
-A INPUT -p udp -m udp --dport ftp-data -j ACCEPT
-A INPUT -p udp -m udp --dport ftp -j ACCEPT
-A INPUT -p udp -m udp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m tcp --dport imaps -j ACCEPT
-A INPUT -p tcp -m tcp --dport imap -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3s -j ACCEPT
-A INPUT -p tcp -m tcp --dport pop3 -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp-data -j ACCEPT
-A INPUT -p tcp -m tcp --dport ftp -j ACCEPT
-A INPUT -p tcp -m tcp --dport domain -j ACCEPT
-A INPUT -p tcp -m tcp --dport smtp -j ACCEPT
-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT
COMMIT
# Completed
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed