Hi, I am using a proxy to browse the internet, and I am trying to set up a firewall that will only let me connect to the internet via this proxy:
- if I forget to turn on the proxy, I should not be able to connect to the internet
- if the proxy is dysfunctional (it happened to me with a VPN in the past), then the connection should be cut.
I have done this so far:
ufw default deny outgoing
ufw default deny incoming
ufw allow from 149.XXX.XXX.XXX # (the address of the proxy)
ufw allow to 149.XXX.XXX.XXX
As soon as I do
ufw enable
when the proxy is turned off, it does cut all connections.
When I turn on the proxy, the connections are still blocked.
BUT if I disable the firewall:
ufw disable
then I get prompted with my username and password for the proxy.
Once I have typed these, I can enable the firewall, and all the connections work.
So it works, BUT on my first connection with the proxy I need to disable the firewall, in order to get prompted for credentials.
Is there a way around this?
I guess this indicates that my first connection to the proxy is not a connection "to 149.XXX.XXX.XXX". Why? How can I identify this first connection, in order to "allow" it?
Last edited by mascip (2015-03-01 21:08:14)
Your fault is in
ufw default deny outgoing
I would suggest two options:
Option 1:
Configure a static IP (use the proxy one) in your network manager
Option 2:
Deploy some squid server or use some spare PC with 2 NICs (bond them).
Thank you for your answer aaroncaffrey!
You made me read more on the subject, and I'm going to follow a variant of your second advice, and use privoxy + polipo (which is what is advised in the ArchWiki).
I'm still hoping to be able to configure ufw in that way, just as an additional security layer, in case one of the 3 proxies failed, or if I disabled them by mistake or something.
Is there no way for me to identify where the 1st request is sent, so I could then allow it?