> # DNS
> $IPT -A INPUT -i $INT -p udp --dport 53 -j ACCEPT

is this machine a caching DNS server?

> ### OUTPUT chain
> # The only thing doing output on this box are proxy
> # servers, and the occasional SSH and HTTP for
> # testing.
> # SQUID proxy, and local HTTP requests.
> $IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
>
> # SSH
> $IPT -A OUTPUT -p tcp --dport 22 -j ACCEPT
>
> ### FORWARD chain
>
> $IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
>
>
> # SSH
>
> $IPT -A OUTPUT -p tcp --dport 22 -j ACCEPT

if the answer to my previous question was "yes," you're going to need:

$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT

if not, you're going to need:

$IPT -A FORWARD -i $INT -p udp --dport 53 -j ACCEPT

> # Accept anything else that's been established
>
> $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

might I also recommend:

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

(normally I put these as the first rule in each chain rather than the last)

another common piece that is absent, that is probably causing your squid redirect to fail:

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
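The pieces the reply recommends, put together as one rule set. This is an added example, not the original poster's script or anything from the thread: loopback and the ESTABLISHED,RELATED rule go first in every chain, and DNS is placed in OUTPUT or FORWARD depending on whether the box runs a caching resolver. The script prints the rules rather than applying them, so they can be reviewed before being piped to a root shell. Assumed names that do not appear in the thread: `IPT=iptables`, `INT=eth0` as the LAN interface, and squid listening on TCP port 3128.

```shell
#!/bin/sh
# Added example for this thread, not the original poster's script: the rule
# set restructured the way the reply recommends. Assumptions (not from the
# thread): IPT=iptables, INT=eth0 is the LAN interface, squid listens on 3128.
IPT=${IPT:-iptables}
INT=${INT:-eth0}
SQUID_PORT=${SQUID_PORT:-3128}

# Print the rules instead of running them, so they can be reviewed first:
#   sh fw.sh yes | sudo sh      (yes = this box runs a caching DNS server)
gen_firewall() {
    caching=${1:-no}   # "yes" if this host runs a caching DNS server
    cat <<EOF
# flush and default-deny on every chain
$IPT -F
$IPT -t nat -F
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP

# loopback first: squid talks to itself and to a local resolver over 127.0.0.1,
# and a DROP policy without these is what breaks the transparent redirect
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# stateful ACCEPT as the first real rule of every chain (conntrack is the
# current name for the "state" match used in the thread)
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

### INPUT chain: SSH from the LAN, and the redirected web traffic, which
### arrives at INPUT (not FORWARD) with dport $SQUID_PORT after the nat rule
$IPT -A INPUT -i $INT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $INT -p tcp --dport $SQUID_PORT -j ACCEPT

### OUTPUT chain: squid fetching pages, plus SSH/HTTP for testing
$IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 22 -j ACCEPT

### nat: transparent proxy, port 80 from the LAN goes to squid (assumed port)
$IPT -t nat -A PREROUTING -i $INT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
    # DNS lives in a different chain depending on where resolution happens.
    # TCP 53 is included as well, since large answers fall back to TCP.
    if [ "$caching" = yes ]; then
        cat <<EOF

### DNS: clients query the local caching server, which queries upstream
$IPT -A INPUT -i $INT -p udp --dport 53 -j ACCEPT
$IPT -A INPUT -i $INT -p tcp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT
EOF
    else
        cat <<EOF

### DNS: clients query upstream servers directly, so the box only forwards
$IPT -A FORWARD -i $INT -p udp --dport 53 -j ACCEPT
$IPT -A FORWARD -i $INT -p tcp --dport 53 -j ACCEPT
EOF
    fi
}

# Usage: sh fw.sh yes   (review the output, then pipe it to "sudo sh")
if [ -n "${1:-}" ]; then
    gen_firewall "$1"
fi
```

Two points worth checking before applying this for real: after the REDIRECT rule, the clients' port-80 packets are delivered locally and hit INPUT with the squid port as destination, so the INPUT ACCEPT for that port is what actually makes the redirect work once the loopback rules are in place; and the forwarded-DNS variant only passes the packets through, so if the LAN uses private addresses it still needs a source NAT rule, which is outside what the thread covers.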