Hi to all,
I have this Zentyal configuration:
root@zentyal:~# dpkg -l | grep "zentyal-"
ii zentyal-antivirus 3.0 Zentyal - Antivirus
ii zentyal-bwmonitor 3.0.1 Zentyal - Bandwidth Monitor
ii zentyal-ca 3.0.2 Zentyal - Certification Authority
ii zentyal-common 3.0.5 Zentyal - Common Library
ii zentyal-core 3.0.10 Zentyal - Core
ii zentyal-dns 3.0.4 Zentyal - DNS Service
ii zentyal-firewall 3.0.1 Zentyal - Firewall
ii zentyal-ids 3.0.1 Zentyal - Intrusion Detection System
ii zentyal-monitor 3.0.2 Zentyal - Monitor
ii zentyal-network 3.0.1 Zentyal - Network Configuration
ii zentyal-ntp 3.0 Zentyal - NTP Service
ii zentyal-objects 3.0 Zentyal - Network Objects
ii zentyal-openvpn 3.0.2 Zentyal - VPN Service
ii zentyal-remoteservices 3.0.12 Zentyal - Cloud Client
ii zentyal-services 3.0.1 Zentyal - Network Services
ii zentyal-software 3.0.3 Zentyal - Software Management
ii zentyal-squid 3.0.3 Zentyal - HTTP Proxy (Cache and Filter)
ii zentyal-trafficshaping 3.0 Zentyal - Traffic Shaping
ii zentyal-users 3.0.7 Zentyal - Users and Groups
I need to configure the internal network rules so that no client can access any TCP/UDP ports and they share only the Internet connection through the squid module over TCP port 3128; if I scan from any internal network client I always see the 3128 TCP port:
Starting Nmap 5.51 ( http://nmap.org ) at 2013-01-18 09:10 ora solare Europa occidentale
Nmap scan report for xxxx.xxxx.xxxx.xxxx
Host is up (0.00s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
3128/tcp open squid-http
MAC Address: xx:xx:xx:xx:xx:xx(Hewlett Packard)
Nmap done: 1 IP address (1 host up) scanned in 21.52 seconds
The squid port is announced in this report, but I don't want to show this! I would like to filter the squid proxy TCP port from the firewall.
I have tried to specify a DENY for 3128 TCP in the firewall rules, but it seems that the squid module is before the firewall.
If I move the port to another one, the result is the same.
The Squid TCP port is always announced on eth0.
I can mask access to the squid proxy using the access filter in HTTP Proxy -> Access rules, but I also need to mask the squid port.
Is there a way to resolve this?
Best Regards