F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
Overview of operations:
The following describes how clients connect to servers when F-Secure Internet Gatekeeper for Linux
is set up as a transparent proxy:
1 The client starts a connection to a service port (for example, 110) of a server (SERVER).
2 Access requests from clients pass through F-Secure Internet Gatekeeper for Linux, which is
placed as a bridge between clients and the NAT (lower-level) router.
3 FSIGK redirects the access request from the client to FSIGK:9110 based on the NAT setting in
iptables and stores the original access destination (SERVER:110).
4 FSIGK listens on VIRUS:9110 and receives the access request that iptables redirected.
Afterwards, Internet Gatekeeper retrieves the original destination (SERVER:110), which is stored
in iptables, and sends the access request to the original destination (SERVER:110).
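The lookup in steps 3 and 4, as an added example that is not taken from the guide or from the product's code: it assumes the original destination is read with the standard Linux netfilter socket option SO_ORIGINAL_DST, which the guide does not name. The function names and the sample address 192.0.2.10 are constructed for illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80   # from <linux/netfilter_ipv4.h>
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)

def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family(2), port(2, big-endian), addr(4), pad(8)."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in: %d bytes" % len(raw))
    port, addr = struct.unpack("!2xH4s8x", raw[:SOCKADDR_IN_LEN])
    return socket.inet_ntoa(addr), port

def original_destination(conn):
    """Return the (ip, port) the client dialled, or None if the lookup fails."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError:
        return None  # no netfilter entry for this socket, or conntrack not loaded
    return parse_sockaddr_in(raw)

def upstream_for(original, local):
    """Pick the address to relay to; refuse connections that would loop back.

    original: result of original_destination(); local: conn.getsockname().
    """
    if original is None or original == tuple(local[:2]):
        return None  # client hit the proxy port directly, nothing was redirected
    return original

def serve_once(listen_port=9110):
    """Accept one connection on the proxy port and report its real target."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", listen_port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            original = original_destination(conn)
            return peer, upstream_for(original, conn.getsockname())

if __name__ == "__main__":
    # Constructed sample: sockaddr_in for 192.0.2.10:110 in the kernel's layout.
    sample = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 110)
              + socket.inet_aton("192.0.2.10") + bytes(8))
    print(parse_sockaddr_in(sample))
```

A connection made straight to port 9110 has no redirect entry, so `upstream_for` returns None for it and the proxy does not relay traffic back to itself.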
Settings
To use a transparent proxy in bridge mode, configure the network and server associated with
F-Secure Internet Gatekeeper for Linux in the following way:
1 Open the web console. Select Proxy settings. Start up each service in transparent proxy mode:
Proxy settings
    HTTP proxy: On
        Proxy port: 9080
        Transparent proxy: On
    SMTP proxy: On
        Proxy port: 9025
        Transparent proxy: On
    POP proxy: On
        Proxy port: 9110
        Transparent proxy: On
    FTP proxy: On
        Proxy port: 9021
        Transparent proxy: On
After configuring the settings, check that the client can access the port of each service (9080, 9025,
9110, 9021) on Internet Gatekeeper.
2 If you use Linux kernel 2.4, apply a patch to the kernel and recompile with the following settings. If
you use Linux kernel 2.6, you do not need to perform the following steps (recompiling the kernel).