El dom, 26 de 09 de 2004 a las 16:27, Jason Opperisano escribiÃ: > On Sun, 2004-09-26 at 01:35, it clown wrote: > > Hi All, > > > > I want to run squid on the same box as iptables.I need to > > setup the client pc's that they have to go through the > > proxy to get to the internet... port 3128.They must not be > > able to by pass the proxy to get internet access.What rule > > do i need to add to iptables to only allow squid to have > > internet access? > > > > I want to give the clients internet access through squid, > > thanks. > > > > Regards > > _____________________________________________________________________ > > For super low premiums ,click here http://www.dialdirect.co.za/quote > > # allow clients to connect to squid proxy > iptables -A INPUT -i $INSIDE_IF -p tcp --syn --dport 3128 -j ACCEPT > > # allow squid to fetch web content > iptables -A OUTPUT -o $OUTSIDE_IF -p tcp --syn --dport 80 -j ACCEPT > > of course--this assumes that you do not allow clients through the > FORWARD chain on port 80. > > -j I'd like to add that if they need the transparent proxy feature they need a rule like this: iptables -t nat -A OUTPUT -A PREROUTING -i $INPUTIP -p tcp \ --dport 80 -j REDIRECT --to-ports 3128 and they need to have the squid proxy properly configured to allow the transparent proxy feature. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@xxxxxxxxx bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÃA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
