On Wed, Dec 15, 2004 at 05:15:02AM -0300, Guillermo Javier Nardoni wrote:
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port
> 3128

this is your problem. if your intent is to redirect internal users to a
transparent proxy--specify the internal interface:

iptables -t nat -A PREROUTING -i $IF_LAN -p TCP --dport 80 \
    -j REDIRECT --to-port 3128

without specifying the internal interface--your external port 80 requests
will be redirected to the proxy as well (this may or may not be what you
want--sounds like it's not).

> #iptables -A INPUT -p tcp --dport 80 -i $IF_WLAN -j AACEPT

fix the typo and uncomment that to allow access to port 80 on the firewall
from the outside:

iptables -A INPUT -p tcp --dport 80 -i $IF_WLAN -j ACCEPT

> iptables -A INPUT -i ppp0 -j ACCEPT

you really think that's a good idea?

> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p tcp --dport 21 -j ACCEPT
> iptables -A INPUT -p tcp --dport 23 -j ACCEPT
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT

a lot of this seems repetitive...

> echo " Logging & Dropping..."
> iptables -A INPUT -p tcp -j LOG -m limit --log-prefix "FILTER TCP-BAD-IN:"
> iptables -A INPUT -p tcp -j DROP
> iptables -A INPUT -p udp -j LOG -m limit --log-prefix "FILTER UDP-BAD-IN:"
> iptables -A INPUT -p udp -j DROP
> iptables -A INPUT -j LOG -m limit --log-prefix "FILTER UNKNOWN-BAD-IN:"
> iptables -A INPUT -j DROP

since you've already accepted everything--you won't be doing much dropping
here...

-j
-- 
"Call this an unfair generalization if you must, but old people are no good
at everything." --The Simpsons
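A ruleset that applies the two points made in this reply (REDIRECT only for traffic arriving on the LAN interface, and no blanket ACCEPT on the external link so the LOG/DROP tail is actually reached), as an added example that is not code from the original thread. It assumes the LAN interface is eth1, the external link is ppp0 and squid listens on 3128; the IPT variable defaults to a dry run that prints the commands, so the generated ruleset can be inspected without root:

```shell
#!/bin/sh
# Firewall skeleton illustrating the reply above. Interface names and
# the squid port are assumptions for this example.
IF_LAN="${IF_LAN:-eth1}"     # internal LAN (assumed)
IF_WAN="${IF_WAN:-ppp0}"     # external link (assumed)
PROXY_PORT="${PROXY_PORT:-3128}"

# Dry run by default: "echo iptables ..." prints the rules instead of
# loading them. Set IPT=iptables and run as root to apply them for real.
IPT="${IPT:-echo iptables}"

build_rules() {
    $IPT -F INPUT
    $IPT -t nat -F PREROUTING
    $IPT -P INPUT DROP

    # Transparent proxy: match ONLY packets that arrive on the LAN
    # interface. Without -i, port 80 requests from the outside would be
    # redirected to squid as well.
    $IPT -t nat -A PREROUTING -i "$IF_LAN" -p tcp --dport 80 \
        -j REDIRECT --to-port "$PROXY_PORT"

    # Loopback and replies to connections the firewall itself opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Per-interface service rules instead of "-A INPUT -i ppp0 -j ACCEPT".
    $IPT -A INPUT -i "$IF_LAN" -p tcp --dport "$PROXY_PORT" -j ACCEPT  # squid, LAN only
    $IPT -A INPUT -i "$IF_LAN" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$IF_WAN" -p tcp --dport 80 -j ACCEPT              # web server from outside

    # Log-and-drop tail. It is reached now because nothing above accepts
    # all traffic on an interface; the limit match keeps logs from
    # flooding during a scan.
    $IPT -A INPUT -p tcp -m limit --limit 5/min -j LOG --log-prefix "FILTER TCP-BAD-IN:"
    $IPT -A INPUT -p udp -m limit --limit 5/min -j LOG --log-prefix "FILTER UDP-BAD-IN:"
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FILTER UNKNOWN-BAD-IN:"
    $IPT -A INPUT -j DROP
}

# Review helper for the dry-run output: exit status 0 if some rule accepts
# every packet on the given interface (the mistake the reply points out).
has_blanket_accept() {
    build_rules | grep -q -- "-A INPUT -i $1 -j ACCEPT"
}
```

Dot-source the file and call build_rules to see the generated rules; rerun with IPT=iptables as root to load them. The has_blanket_accept helper is a cheap lint for the ordering problem: a rule accepting everything on an interface placed before the LOG/DROP tail silently turns that tail into dead code.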