Re: weird problem

On Thursday 20 May 2004 9:45 pm, azeem ahmad wrote:

> I'm running iptables, squid proxy, bind, and samba on the same machine. It
> works as a server for my LAN.
> The script that I ran is as follows, but when I start these rules the browsing
> stops. The squid proxy is listening on port 8080. What can be the problem?
>
> iptables -P INPUT DROP     [ correction from your later posting ]
> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 8080 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 22   -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 53   -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 53   -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --dport 139  -j ACCEPT

Squid may be listening on port 8080, but what about the replies it gets from 
remote web servers after it sends out a request on port 80?

I think you need a "reply packet" rule here:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

I recommend you put this rule at the top of the list.

Regards,

Antony.

-- 
Most people have more than the average number of legs.

                                                     Please reply to the list;
                                                           please don't CC me.
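To make the reply-packet point concrete, here is a small first-match simulation of the INPUT chain with connection-tracking state. It is an added illustration, not code from the list post: the posted chain is modelled rule by rule, then the suggested ESTABLISHED,RELATED rule is prepended, and both chains are run over constructed sample packets (a LAN client connecting to Squid, a remote web server's reply to Squid's outbound request, and an unsolicited inbound SYN). The interface names, port numbers and conntrack states of the sample packets are assumptions made for the example.

```python
"""Toy first-match evaluation of an iptables INPUT chain with conntrack state.

Added example for the thread above; not code from the original post.
Assumptions (constructed): all traffic arrives on eth0, Squid's outbound
HTTP request to a remote web server uses an ephemeral source port, and
the remote server's reply therefore comes back with sport 80 and a dport
in the ephemeral range, which conntrack classifies as ESTABLISHED.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    sport: int
    dport: int
    state: str  # conntrack view of the packet: "NEW", "ESTABLISHED" or "RELATED"


@dataclass(frozen=True)
class Rule:
    """One iptables rule: every specified match must hold for the target to apply."""
    target: str
    iface: Optional[str] = None          # -i <iface>
    proto: Optional[str] = None          # -p <proto>
    dport: Optional[int] = None          # --dport <port>
    states: Tuple[str, ...] = ()         # -m state --state ...; empty = not used

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.states and pkt.state not in self.states:
            return False
        return True


def evaluate(chain: List[Rule], policy: str, pkt: Packet) -> str:
    """Walk the chain top to bottom; the first matching rule decides.
    If nothing matches, the chain policy (-P) applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The chain exactly as posted: policy DROP, then per-port ACCEPTs on eth0.
POSTED_CHAIN: List[Rule] = [
    Rule("ACCEPT", "eth0", "tcp", 8080),
    Rule("ACCEPT", "eth0", "udp", 8080),
    Rule("ACCEPT", "eth0", "tcp", 22),
    Rule("ACCEPT", "eth0", "tcp", 53),
    Rule("ACCEPT", "eth0", "udp", 53),
    Rule("ACCEPT", "eth0", "tcp", 139),
]

# The suggested "reply packet" rule, placed at the top as recommended.
REPLY_RULE = Rule("ACCEPT", states=("ESTABLISHED", "RELATED"))
FIXED_CHAIN: List[Rule] = [REPLY_RULE] + POSTED_CHAIN

# Constructed sample traffic (values are assumptions for the example).
SAMPLE_PACKETS: Dict[str, Packet] = {
    # LAN browser opening a connection to Squid on 8080.
    "client_to_squid": Packet("eth0", "tcp", 40000, 8080, "NEW"),
    # Remote web server answering Squid's outbound request on port 80.
    "web_reply_to_squid": Packet("eth0", "tcp", 80, 51234, "ESTABLISHED"),
    # Upstream DNS server answering a query bind sent out.
    "dns_reply_to_bind": Packet("eth0", "udp", 53, 33000, "ESTABLISHED"),
    # Unsolicited inbound connection attempt to an ephemeral port.
    "unsolicited_syn": Packet("eth0", "tcp", 4444, 51234, "NEW"),
}


def verdicts(chain: List[Rule], policy: str = "DROP") -> Dict[str, str]:
    """Return the verdict for every sample packet under the given chain."""
    return {name: evaluate(chain, policy, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, chain in (("posted", POSTED_CHAIN), ("with reply rule", FIXED_CHAIN)):
        print(f"--- {label} ---")
        for name, verdict in verdicts(chain).items():
            print(f"{name:22s} {verdict}")
```

Under the posted chain the web server's reply never hits a `--dport` rule (its destination port is Squid's ephemeral source port), so it falls through to the DROP policy and the browser hangs; the same happens to upstream DNS replies to bind. With the stateful rule in place both replies are accepted while the unsolicited SYN is still dropped, because conntrack marks it NEW. In this particular chain every rule is an ACCEPT, so putting the reply rule first changes no verdict; its benefit at the top is that the bulk of traffic (reply packets) matches immediately instead of being tested against every per-port rule.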