Setting up the public portal from a virtual appliance in router mode

Published on March 20, 2023. Modified on March 21, 2023.

Context

Since the end of 2021, Olfeo no longer sells physical appliances. To set up a public portal, it must now be implemented either in router mode or in ICAP coupling mode. This article covers router mode.

Setting up Olfeo

NAT and ROUTING redirection

We have provided a shell script that performs the following actions:

  • Deletes the existing iptables rules on the Olfeo appliance.
  • Enables IP routing (forwarding).
  • Redirects HTTP traffic (TCP port 80) to port 3131 (this port can be adapted to suit your environment).

The script assumes the LAN interface is "eth0"; change it if you are using another interface.

#!/bin/sh
# Clean the old firewall rules (filter, nat and mangle tables)
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable IP forwarding (router mode)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Set the default filter policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

# Unlimited access to the loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept replies to connections already established from this host (adapt eth0 to your LAN interface)
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set this system as a router for the rest of the LAN (adapt eth1 to your setup)
iptables --append FORWARD --in-interface eth1 -j ACCEPT

# Unlimited access to and from the LAN
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT

# Redirect port 80 requests coming from LAN systems to the proxy port 3131, aka transparent proxy
# (change 3131 if your proxy listens on another port)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3131

Copy this script into a file of your choice inside the Olfeo chroot, then make it executable with the following command:

chmod +x le/chemin/de/votre/fichier
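Once the script has run, it is worth confirming that the three things it must achieve are actually in place. The following POSIX sh audit is an added example, not part of the Olfeo article: it reads a saved ruleset (the output of `iptables-save`) plus the ip_forward sysctl and reports on each point. LAN_IF and REDIRECT_PORT default to the article's eth0 and 3131 and can be overridden from the environment.

```shell
#!/bin/sh
# Audit a router-mode transparent-proxy setup from an `iptables-save` dump.
# Usage: audit RULESET_FILE [IP_FORWARD_FILE]
# The ruleset is read from a file so the checks can run on a dump taken elsewhere.
LAN_IF="${LAN_IF:-eth0}"              # assumed LAN interface, as in the article
REDIRECT_PORT="${REDIRECT_PORT:-3131}" # assumed proxy port, as in the article

# check_redirect RULESET_FILE
# 0 if nat PREROUTING redirects TCP/80 arriving on LAN_IF to REDIRECT_PORT.
# iptables-save writes `--to-ports` even when the rule was added with `--to-port`.
check_redirect() {
    grep -E -q -- "^-A PREROUTING .*-i ${LAN_IF} .*-p tcp .*--dport 80 .*-j REDIRECT --to-ports? ${REDIRECT_PORT}\$" "$1"
}

# check_lan_input_open RULESET_FILE
# 0 if the script's unconditional "INPUT -i eth0 ACCEPT" rule is present, meaning every
# LAN host can reach every listening service on the appliance; flagged for hardening.
check_lan_input_open() {
    grep -E -q -- "^-A INPUT -i ${LAN_IF} -j ACCEPT\$" "$1"
}

# check_ip_forward [FILE]
# 0 if the kernel forwards IPv4; FILE defaults to the live sysctl.
check_ip_forward() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# audit RULESET_FILE [IP_FORWARD_FILE]: prints one line per check, returns 1 on any failure.
audit() {
    rc=0
    if check_ip_forward "$2"; then echo "ok   ip_forward is enabled"
    else echo "FAIL ip_forward is disabled: router mode will not forward traffic"; rc=1; fi
    if check_redirect "$1"; then echo "ok   TCP/80 from ${LAN_IF} is redirected to ${REDIRECT_PORT}"
    else echo "FAIL no REDIRECT rule for TCP/80 on ${LAN_IF} to ${REDIRECT_PORT}"; rc=1; fi
    if check_lan_input_open "$1"; then echo "warn INPUT from ${LAN_IF} accepts everything; restrict to needed ports"; fi
    return $rc
}

# Run against the live system when invoked with a ruleset file: iptables-save > rules.txt; ./audit.sh rules.txt
[ $# -gt 0 ] && audit "$1" "${2:-/proc/sys/net/ipv4/ip_forward}"
```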