Re: Help with iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

	Why not run squid only on the internal interface .. can you not provide squid with the IP or interface to listen on ?

Also iptables -A INPUT -i external_interface -p tcp --dport 3128 -j DROP

should do the trick .... if you set a default policy to DROP and only pass the things you want. That would be better :)

iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT 

Michael.


On Wed, 10 Dec 2003 15:45:52 -0800
"Bryan Dyson" <lan_administrator@xxxxxxxxxxxxxx> wrote:

> 
> Hi folks,
> 
> I've got my iptables setup and working with one small glitch. My ISP
> says I'm an open proxy.
> What I'm trying to do is set a rule in iptables that will drop port 3128
> requests coming from the outside but still allow my internal network to
> use the proxy on this port.
> I've tried the following, but they seem to shut down routing of e-mail
> from the internal mail server:
> 
> -A PREROUTING -I eth1 -p tcp -m tcp --dport 3128 -j DROP
> And
> -A PREROUTING -I x.x.x.x (public IP) -p tcp -m -tcp --dport 3128 -j DROP
> 
> 
> If anyone could help I'd appreciate it.
> 
> Bryan Dyson
> LAN/db Administrator
> Solana Beach Presbyterian Church
> 858-509-2580
> Shelby 5.4.1472
> 
> 
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux