Commit d6bbe887 authored by Imran Hussain's avatar Imran Hussain

Disable proxy as it's broken and needs moving to gw

parent f25c7f37
Pipeline #507 failed with stages
in 22 seconds
......@@ -164,7 +164,7 @@ $IPT -A OUTPUT -d 137.44.10.1 -p udp -m udp --dport 1812 -j ACCEPT
$IPT -A OUTPUT -d 137.44.10.1 -p udp -m udp --dport 1813 -j ACCEPT
#HTTP-Cache to proxy machine
$IPT -A OUTPUT -d $PROXY_BOX -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
#$IPT -A OUTPUT -d $PROXY_BOX -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
#NUT (ups monitor to silver)
$IPT -A OUTPUT -d 137.44.10.1 -p tcp -m state --state NEW -m tcp --dport 3493 -j ACCEPT
......@@ -221,13 +221,13 @@ $IPT -A FORWARD -p ICMP -j ACCEPT
$IPT -A FORWARD -p udp --dport 33434:33523 -j ACCEPT
#Proxy stuff
$IPT -t nat -A POSTROUTING -o $INTERFACE_SUCS -s $NET_SUCS -d $PROXY_BOX -p tcp --dport $PROXY_PORT -j SNAT --to $IP_SUCS
$IPT -t nat -A POSTROUTING -o $INTERFACE_SUCS -s $NET_GUEST -d $PROXY_BOX -p tcp --dport $PROXY_PORT -j SNAT --to $IP_SUCS
$IPT -A FORWARD -s $NET_SUCS -d $PROXY_BOX -i $INTERFACE_SUCS -p tcp --dport $PROXY_PORT -j ACCEPT
$IPT -A FORWARD -s $NET_GUEST -d $PROXY_BOX -i $INTERFACE_GUEST -p tcp --dport $PROXY_PORT -j ACCEPT
#$IPT -t nat -A POSTROUTING -o $INTERFACE_SUCS -s $NET_SUCS -d $PROXY_BOX -p tcp --dport $PROXY_PORT -j SNAT --to $IP_SUCS
#$IPT -t nat -A POSTROUTING -o $INTERFACE_SUCS -s $NET_GUEST -d $PROXY_BOX -p tcp --dport $PROXY_PORT -j SNAT --to $IP_SUCS
#$IPT -A FORWARD -s $NET_SUCS -d $PROXY_BOX -i $INTERFACE_SUCS -p tcp --dport $PROXY_PORT -j ACCEPT
#$IPT -A FORWARD -s $NET_GUEST -d $PROXY_BOX -i $INTERFACE_GUEST -p tcp --dport $PROXY_PORT -j ACCEPT
#HTTP (to Off Campus) from Inside (not via proxy) DROP!
$IPT -A FORWARD ! -i $INTERFACE_OUTSIDE ! -d $NET_CAMPUS ! -s $PROXY_BOX -p tcp -m state --state NEW -m tcp --dport 80 -j REJECT
#$IPT -A FORWARD ! -i $INTERFACE_OUTSIDE ! -d $NET_CAMPUS ! -s $PROXY_BOX -p tcp -m state --state NEW -m tcp --dport 80 -j REJECT
#From backup to sucs
$IPT -A FORWARD -d $NET_SUCS -s $BACKUP -j ACCEPT
......@@ -358,10 +358,10 @@ $IPT -A FORWARD -d 137.44.10.1 -p tcp -m state --state NEW -m tcp --dport 993 -j
$IPT -A FORWARD -d 137.44.10.1 -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
#ICP - (to proxy machine) from campus proxy (octopussy.swan.ac.uk)
$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p udp -m udp --dport 3128 -j ACCEPT
$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p tcp -m state --state NEW -m tcp --dport 3130 -j ACCEPT
$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p udp -m udp --dport 3130 -j ACCEPT
#$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
#$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p udp -m udp --dport 3128 -j ACCEPT
#$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p tcp -m state --state NEW -m tcp --dport 3130 -j ACCEPT
#$IPT -A FORWARD -d $PROXY_BOX -s $NET_CAMPUS -p udp -m udp --dport 3130 -j ACCEPT
#Jabber (to silver) from anywhere
$IPT -A FORWARD -d 137.44.10.1 -p tcp -m state --state NEW -m tcp --dport 5222 -j ACCEPT
......@@ -498,7 +498,7 @@ $IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp -
$IPT -t nat -A PREROUTING -i $INTERFACE_GUEST -m mark ! --mark 1 -p tcp -m tcp --dport 80 -j DNAT --to 137.44.10.63
# Rest of Transparent Proxy
$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX ! -d $NET_INSIDE -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
#$IPT -t nat -A PREROUTING ! -i $INTERFACE_OUTSIDE ! -s $PROXY_BOX ! -d $NET_INSIDE -p tcp --dport 80 -m policy --dir in --pol none -j DNAT --to $PROXY_BOX:$PROXY_PORT
#
# Outright Blocks on what GuestNET can talk to
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment