@dannysauer
Last active October 29, 2019 13:49
testing with proxy
  1. Set up a virtual network that uses NAT
  2. Build machines using that network
  3. Figure out what bridge device this network is using (my example is "hundrednet")
    1. virsh net-info hundrednet | grep -i bridge
  4. Configure that network to only communicate internally and to the proxy
    1. sudo iptables -L FORWARD --line-numbers --verbose
    2. Find the line for this network; it looks like: 7 66 7322 ACCEPT all -- virbr2 any 192.168.100.0/24 anywhere
    3. Replace that line (line 7 in the example) with one that only accepts traffic to the proxy: sudo iptables -R FORWARD 7 -i virbr2 -s 192.168.100.0/24 -p tcp --dport 3128 -j ACCEPT (Note that this keeps the same input interface (-i) and the same source range (-s), and adds the TCP protocol and destination port 3128.)
    4. Verify the new rule: sudo iptables -L FORWARD --line-numbers -n
  5. Set up the proxy (redirecting stdin, e.g. with </dev/null, suppresses the "log out to apply" prompts)
    1. sudo yast2 proxy set http="http://192.168.0.16:3128" https="http://192.168.0.16:3128"
    2. sudo yast2 proxy enable
    3. sudo yast2 proxy summary
  6. Log out and log back in (or just source /etc/profile.d/profile.sh) to set the proxy environment variables
  7. Test a web page using something like curl --head https://www.suse.com
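
Step 4 can be scripted. The following is an added example, not part of the original gist: it picks the rule number out of a constructed sample of the iptables listing and prints the replacement command from step 4.3 without touching the firewall. The function names and the optional proxy-address argument (which adds -d so that port 3128 is accepted only toward that one host rather than toward any destination) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): find the libvirt ACCEPT rule for a NAT
# network in FORWARD-chain output and build the step 4.3 replacement command.
# It only prints the command; it never changes the firewall itself.

# Constructed sample of `iptables -L FORWARD --line-numbers --verbose` output.
SAMPLE_LISTING='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
5        0     0 ACCEPT     all  --  virbr1 any     192.168.122.0/24     anywhere
6      120  9800 ACCEPT     all  --  any    virbr2  anywhere             192.168.100.0/24     ctstate RELATED,ESTABLISHED
7       66  7322 ACCEPT     all  --  virbr2 any     192.168.100.0/24     anywhere
8        0     0 ACCEPT     all  --  virbr2 virbr2  anywhere             anywhere
9        0     0 REJECT     all  --  any    virbr2  anywhere             anywhere             reject-with icmp-port-unreachable'

# find_forward_rule IFACE SRC: read a listing on stdin, print the number of the
# ACCEPT rule whose input interface and source match (columns 7 and 9).
find_forward_rule() {
    awk -v ifc="$1" -v src="$2" \
        '$4 == "ACCEPT" && $7 == ifc && $9 == src { print $1; exit }'
}

# build_replace_cmd NUM IFACE SRC PORT [PROXY_IP]: print the replacement rule.
# PROXY_IP is an optional addition (assumption, not in the gist) that pins the
# destination with -d, so port PORT is not open to every host.
build_replace_cmd() {
    [ -n "$1" ] || { echo "no matching FORWARD rule" >&2; return 1; }
    printf 'iptables -R FORWARD %s -i %s -s %s -p tcp' "$1" "$2" "$3"
    [ -z "$5" ] || printf ' -d %s' "$5"
    printf ' --dport %s -j ACCEPT\n' "$4"
}

# On a real host, pipe in: sudo iptables -L FORWARD --line-numbers --verbose
num=$(printf '%s\n' "$SAMPLE_LISTING" | find_forward_rule virbr2 192.168.100.0/24)
build_replace_cmd "$num" virbr2 192.168.100.0/24 3128
build_replace_cmd "$num" virbr2 192.168.100.0/24 3128 192.168.0.16
```

The first printed command matches the one in step 4.3; the second is the same rule restricted to the proxy address used in step 5.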