Hello,

Why not run squid only on the internal interface? Can you not provide squid with the IP or interface to listen on?

Also,

iptables -A INPUT -i external_interface -p tcp --dport 3128 -j DROP

should do the trick. If you set a default policy to DROP and only pass the things you want, that would be better :)

iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT

Michael.

On Wed, 10 Dec 2003 15:45:52 -0800 "Bryan Dyson" <lan_administrator@xxxxxxxxxxxxxx> wrote:

>
> Hi folks,
>
> I've got my iptables setup and working with one small glitch. My ISP
> says I'm an open proxy.
> What I'm trying to do is set a rule in iptables that will drop port 3128
> requests coming from the outside but still allow my internal network to
> use the proxy on this port.
> I've tried the following, but they seem to shut down routing of e-mail
> from the internal mail server:
>
> -A PREROUTING -I eth1 -p tcp -m tcp --dport 3128 -j DROP
> And
> -A PREROUTING -I x.x.x.x (public IP) -p tcp -m -tcp --dport 3128 -j DROP
>
>
> If anyone could help I'd appreciate it.
>
> Bryan Dyson
> LAN/db Administrator
> Solana Beach Presbyterian Church
> 858-509-2580
> Shelby 5.4.1472
>
>

--
Michael Gale
Network Administrator
Utilitran Corporation
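The two suggestions in the reply (bind squid to the LAN address, and use a default-DROP INPUT policy with explicit accepts instead of PREROUTING drops) as one worked example; this is added here and is not code from either poster. Interface names eth0/eth1, the LAN prefix 192.168.1.0/24 and the proxy address 192.168.1.1 are assumptions; the script only generates and checks the ruleset, it does not apply it.

```shell
#!/bin/sh
# Added example: emit a filter-table ruleset (iptables-restore format) that
# keeps TCP/3128 reachable from the LAN interface only. Interface names and
# the LAN prefix are assumed. Review the output, then apply it as root with
# `iptables-restore -n`; nothing here touches the live firewall.
gen_filter_rules() {
    int_if="$1"   # LAN-facing interface (assumed eth0)
    ext_if="$2"   # ISP-facing interface (assumed eth1)
    lan="$3"      # LAN prefix (assumed 192.168.1.0/24)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Proxy: accepted only when it arrives on the LAN interface from a LAN address.
-A INPUT -i $int_if -s $lan -p tcp --dport 3128 -j ACCEPT
# No ACCEPT for 3128 on $ext_if, so outside requests fall to the DROP policy.
# Routed traffic (the mail server's path) is handled in FORWARD, not touched
# by the proxy rule, which is why INPUT is used here rather than PREROUTING.
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Squid's own side of it: a squid.conf http_port line bound to the LAN
# address instead of every interface. Address is an assumption.
squid_bind_line() { printf 'http_port %s:3128\n' "$1"; }

# Audit the generated rules: 3128 must be accepted on the internal interface
# and must never be accepted on the external one.
check_rules() {
    rules="$1"; int_if="$2"; ext_if="$3"
    printf '%s\n' "$rules" | grep -q -- "-A INPUT -i $int_if .*--dport 3128 -j ACCEPT" || return 1
    printf '%s\n' "$rules" | grep -q -- "-A INPUT -i $ext_if .*--dport 3128 -j ACCEPT" && return 1
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    return 0
}

rules=$(gen_filter_rules eth0 eth1 192.168.1.0/24)
printf '%s\n' "$rules"
squid_bind_line 192.168.1.1
check_rules "$rules" eth0 eth1 && echo "ok: 3128 reachable only via eth0"
```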