On Sun, 2004-09-26 at 01:35, it clown wrote:
> Hi All,
>
> I want to run squid on the same box as iptables. I need to
> set up the client PCs so that they have to go through the
> proxy to get to the internet... port 3128. They must not be
> able to bypass the proxy to get internet access. What rule
> do I need to add to iptables to only allow squid to have
> internet access?
>
> I want to give the clients internet access through squid,
> thanks.
>
> Regards

# allow clients to connect to squid proxy
iptables -A INPUT -i $INSIDE_IF -p tcp --syn --dport 3128 -j ACCEPT

# allow squid to fetch web content
iptables -A OUTPUT -o $OUTSIDE_IF -p tcp --syn --dport 80 -j ACCEPT

of course--this assumes that you do not allow clients through the
FORWARD chain on port 80.

-j

disclaimer: the rules contained in this message are meant to
illustrate the requested functionality only, and not intended as a
recommendation of best practices. never execute any commands without
fully understanding the implications.

--
Jason Opperisano <opie@xxxxxxxxxxx>
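
Added example (not part of the original thread or of the reply's author): a shell function that emits a complete iptables-restore ruleset around the two rules in the reply, plus a check that the FORWARD chain leaves clients no routed path past the proxy. The interface defaults, the squid account name, the owner match and the DNS rule are assumptions not stated in the message.

```shell
#!/bin/sh
# Added example; eth1/eth0, the "squid" account, the owner match and the
# DNS rule are assumptions, not taken from the message above.

# Print an iptables-restore ruleset for a combined squid + firewall host.
gen_squid_rules() {
    inside_if=${1:-eth1}     # LAN side ($INSIDE_IF in the reply)
    outside_if=${2:-eth0}    # Internet side ($OUTSIDE_IF in the reply)
    squid_user=${3:-squid}   # account the squid process runs as
    web_ports=${4:-80}       # space-separated ports squid may fetch from
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# --syn rules match only the first packet; replies ride on conntrack state
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# clients may reach the proxy port and nothing else on this host
-A INPUT -i $inside_if -p tcp --syn --dport 3128 -j ACCEPT
# squid needs name resolution (resolver assumed reachable via outside_if)
-A OUTPUT -o $outside_if -p udp --dport 53 -j ACCEPT
EOF
    # only sockets owned by the squid account may open web connections
    for port in $web_ports; do
        echo "-A OUTPUT -o $outside_if -p tcp --syn --dport $port -m owner --uid-owner $squid_user -j ACCEPT"
    done
    echo "COMMIT"
}

# Exit 0 only if the ruleset on stdin keeps the reply's assumption true:
# FORWARD policy is DROP and no FORWARD rule ends in ACCEPT.
forward_is_closed() {
    awk '
        /^:FORWARD /                   { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/ { leak = 1 }
        END { exit !(policy == "DROP" && !leak) }
    '
}
```

Piping the output of `gen_squid_rules` into `iptables-restore --test` as root parses the ruleset without committing it; `iptables-save | forward_is_closed` runs the same FORWARD check against the live tables.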