Hi all,

This is my problem!

ERROR
The requested URL could not be retrieved
---------------------------------------------------------------------------- ----
While trying to retrieve the URL: http://www.localhost.com.br/
The following error was encountered:
Connection Failed
The system returned:
(111) Connection refused
The remote host or network may be down. Please try the request again.
Your cache administrator is root.

ERROR in Log squid.
1035311411.554 10 123.0.0.1 TCP_MISS/503 999 GET http://www.domain_localhost.com.br/ - NONE/- -

I don't know correct this problem, please report me what you think about this.

Thanks in advance
Eugenio

[root@IMIDIA /root]# cat iptables.txt
# NOTE(review): iptables-save dump of three tables (mangle, filter, nat), restored here to one
# rule per line. Lines starting with "# NOTE(review)" are reviewer annotations, not part of the
# original dump; the Portuguese comments of the original are translated to English.
# Generated by iptables-save v1.2.1a on Fri Sep 13 12:35:05 2002
*mangle
:PREROUTING ACCEPT [26633:4815741]
:OUTPUT ACCEPT [625:95729]
COMMIT
# Completed on Fri Sep 13 12:35:05 2002
# Generated by iptables-save v1.2.1a on Fri Sep 13 12:35:05 2002
*filter
# NOTE(review): all three filter chains default to DROP; the bracketed values are the
# packet:byte counters recorded by iptables-save.
:INPUT DROP [55:8112]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# NOTE(review): redundant; the rule above already accepts everything arriving on lo.
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): the --sport 80 / --sport 53 rules below accept any packet that merely carries
# that source port, whatever its connection state. Reply traffic is already covered by the
# ESTABLISHED,RELATED rule above, so they open INPUT wider than replies require.
-A INPUT -s 0/0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 0/0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -s 0/0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 0/0 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 0/0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 0/0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -m unclean -j LOG
-A FORWARD -m unclean -j DROP
# NOTE(review): ICMP type 8 (echo request) is logged and dropped here, so the rate-limited
# ACCEPT for the same type further down can never match.
-A FORWARD -p icmp -m icmp --icmp-type 8 -j LOG
-A FORWARD -p icmp -m icmp --icmp-type 8 -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
# NOTE(review): this rule accepts every forwarded TCP SYN in state NEW with no interface,
# address or port restriction. Together with ESTABLISHED,RELATED above it already admits all
# TCP connections in both directions, so the per-port TCP rules below do not narrow anything.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
# NOTE(review): as in INPUT, each --sport rule matches on source port alone, independent of
# connection state.
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport rsync -j ACCEPT
-A FORWARD -p tcp -m tcp --sport rsync -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 110 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 21 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 20 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 22 -j ACCEPT
# Output (outbound) rules
# NOTE(review): the chain policy is DROP, but the three -s rules accept everything sent from
# those source addresses (presumably this host's own addresses; confirm). If so, the port
# rules that follow only matter for packets with some other source address.
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 123.0.0.10 -j ACCEPT
-A OUTPUT -s 200.0.2.190 -j ACCEPT
-A OUTPUT -d 0/0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 0/0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p icmp -m state --state INVALID -j LOG
-A OUTPUT -p icmp -m state --state INVALID -j DROP
COMMIT
# Completed on Fri Sep 13 12:35:05 2002
# Generated by iptables-save v1.2.1a on Fri Sep 13 12:35:05 2002
*nat
:PREROUTING ACCEPT [1192:75377]
:POSTROUTING ACCEPT [17:863]
:OUTPUT ACCEPT [2:136]
# Redirect local traffic to the squid server, for content control.
# NOTE(review): this rule matches only source 123.0.0.10. That address is also used as a source
# in the filter OUTPUT chain, which sees only locally generated packets, and locally generated
# packets do not traverse nat PREROUTING. Confirm which host owns 123.0.0.10 and whether client
# traffic actually reaches this redirect.
-A PREROUTING -s 123.0.0.10 -p tcp -m tcp --dport 80 -j DNAT --to-destination 123.0.0.11:3128
# Redirect web traffic from the Internet to the web server.
-A PREROUTING -d 200.0.2.190 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 123.0.0.18
# Inbound route for e-mail.
-A PREROUTING -d 200.0.2.190 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 123.0.0.11
# Inbound route for DNS
-A PREROUTING -d 200.0.2.190 -i eth0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 123.0.0.11
# Inbound route for DNS
-A PREROUTING -d 200.0.2.190 -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination 123.0.0.11
# Inbound route for FTP access.
# -A PREROUTING -d 200.0.2.190 -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 123.0.0.18
# Outbound route for e-mail. Warning: this route can allow
# SPAMMERS to act if sendmail is not properly locked down.
# NOTE(review): the rule below DNATs inbound TCP port 110 arriving on eth0, which does not match
# the "outbound" / sendmail wording of the comment above. Confirm which rule the warning was
# written for.
-A PREROUTING -d 200.0.2.190 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 123.0.0.11
# Outbound traffic from the LOCAL network to the INTERNET via SQUID.
-A POSTROUTING -s 123.0.0.11 -o eth0 -j MASQUERADE
# Outbound traffic to the INTERNET from the LOCAL network, all protocols except TCP port 80.
# NOTE(review): the rule carries -p tcp, so it masquerades only TCP with a destination port other
# than 80. Non-TCP traffic from 123.0.0.0/255.255.255.0 is not matched by it, despite the
# "all protocols" wording.
-A POSTROUTING -s 123.0.0.0/255.255.255.0 -o eth0 -p tcp -m tcp ! --dport 80 -j MASQUERADE
COMMIT
# Completed on Fri Sep 13 12:35:05 2002
[root@IMIDIA /root]#