- Set up a virtual network that uses nat
- Build machines using that network
- Figure out what bridge device this network is using (my example is "hundrednet")
virsh net-info hundrednet | grep -i bridge
- Configure that network to only communicate internally and to the proxy
sudo iptables -L FORWARD --line-numbers --verbose
- find the line for this network like
7 66 7322 ACCEPT all -- virbr2 any 192.168.100.0/24 anywhere
- replace that line (line 7 in the example) with one that only accepts traffic to the proxy:
sudo iptables -R FORWARD 7 -i virbr2 -s 192.168.100.0/24 -p tcp --dport 3128 -j ACCEPT
Note that this uses the same input interface (-i
), the same source range (-s
), and adds TCP protocol and destination port 3128 - Verify the new rule:
sudo iptables -L FORWARD --line-numbers -n
- set up the proxy (redirect stdin like
</dev/null
suppresses the "log out to apply" prompts)sudo yast2 proxy set http="http://192.168.0.16:3128" https="http://192.168.0.16:3128"
sudo yast2 proxy enable
sudo yast2 proxy summary
- log out and log back in (or just
source /etc/profile.d/profile.sh
) to set the proxy environment variables - test a web page using something like
curl --head https://www.suse.com
Last active
October 29, 2019 13:49
-
-
Save dannysauer/3c67856bc70785065216770f2cf25ae1 to your computer and use it in GitHub Desktop.
testing with proxy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment