Hello, this is my /etc/sysconfig/iptables of my router (br0 is LAN, eth1 is WAN):

<BEGIN>
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Establish NAT
-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source #WANIP#
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Restricted host: extra chain
-N RESTRICT-HOST
-A RESTRICT-HOST -p icmp -j ACCEPT
-A RESTRICT-HOST -p udp --dport 123 -j ACCEPT
-A RESTRICT-HOST -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
-A RESTRICT-HOST -j LOG --log-prefix "IP[FWD-ANY(out)]: " --log-level 7
-A RESTRICT-HOST -j REJECT

# Filter all packets with state INVALID
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP

# Allow multicast
-A INPUT -d 224.0.0.0/4 -j ACCEPT
-A OUTPUT -d 224.0.0.0/4 -j ACCEPT

# Allow anything on the local link
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Allow anything out on LAN
-A OUTPUT -o br0 -j ACCEPT
# Allow established, related packets back in
-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable DHCP for LAN
-A INPUT -i br0 -m udp -p udp --sport 67:68 --dport 67:68 -j ACCEPT
# Enable DNS-Cache for LAN
-A INPUT -i br0 -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m udp -p udp --dport 53 -j ACCEPT
# Enable SSH from LAN
-A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Enable HTTP/HTTPS from LAN (some gui interface)
-A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Enable Squid-Proxy from LAN
-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT

# Allow anything out on internet
-A OUTPUT -o eth1 -j ACCEPT
# Allow established, related packets back in
-A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Restricted Host: My PC (192.168.1.100)
-A FORWARD -i br0 -o eth1 -s 192.168.1.100 -j RESTRICT-HOST
# Allow Forwarding to WAN interface
-A FORWARD -i br0 -o eth1 -j ACCEPT
# Allow established, related packets back through
-A FORWARD -i eth1 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Only the lan is allowed to ping me without restriction
-A INPUT -i br0 -p icmp -j ACCEPT
# Else only pings with restricted icmp are allowed
-A INPUT -i eth1 -p icmp -m limit --limit 2/sec --limit-burst 4 -j ACCEPT

# Enable TRACEroute to me from LAN
-A INPUT -i br0 -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
# Enable TRACEroute to me from internet
-A INPUT -i eth1 -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT

# Log all other
-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
-A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IP[OUT]: " --log-level 7
COMMIT
<END>

I regularly see in the log HTTP traffic to these IPs:

- 104.16.89.188
- 104.16.90.188
- 104.16.91.188
- 104.16.92.188
- 104.16.93.188

Is there a way to redirect these packets through the Squid proxy running on the router,
or any other way to find out what is causing this traffic?

Thanks, Walter
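The two things asked for above, as an added example that is not part of Walter's post or his configuration: a pair of nat PREROUTING rules that push the LAN's plain-HTTP traffic into the Squid already listening on 3128 (so Squid's access.log then shows the URLs behind those destination IPs), and a small summariser for the router's own "IP[...]" LOG lines that reports, per LAN host and destination, how often a connection was logged and the last source port seen, which is what you need to find the process on the LAN machine. It assumes, beyond what the post states, that the router's LAN address is 192.168.1.1 and that squid.conf carries `http_port 3128 intercept` (Squid 3.1 and later; older releases spelled the option `transparent`). The log lines embedded below are constructed in the layout the iptables LOG target uses, with made-up values.

```shell
#!/bin/sh
# Added example, not from Walter's post. Assumptions not stated there:
# br0 is the LAN side, the router's LAN address is 192.168.1.1, and
# squid.conf has "http_port 3128 intercept" so Squid accepts redirected
# connections and recovers the original destination from conntrack.

IPT=${IPT:-iptables}
LAN_IF=${LAN_IF:-br0}
ROUTER_LAN_IP=${ROUTER_LAN_IP:-192.168.1.1}   # assumed; set to the real LAN address
SQUID_PORT=${SQUID_PORT:-3128}

# Emit (default) or apply ("apply") the nat PREROUTING rules. Only port 80 is
# redirected: 443 carries TLS and cannot be intercepted by a plain REDIRECT.
proxy_redirect_rules() {
    mode=${1:-print}
    run_or_print() {
        if [ "$mode" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
    }
    # Requests for the router's own web UI on port 80 must not be redirected.
    run_or_print "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -d "$ROUTER_LAN_IP" \
        -p tcp --dport 80 -j RETURN
    # Everything else from the LAN to port 80 goes to Squid on the router.
    # The posted filter table already accepts NEW tcp/3128 on br0, so INPUT
    # needs no change.
    run_or_print "$IPT" -t nat -A PREROUTING -i "$LAN_IF" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
}

# Summarise LOG lines read on stdin as "count SRC DST DPT last_SPT", busiest
# first. SRC plus SPT identifies the connection on the LAN host, where
# "ss -tnp 'sport = :SPT'" (or netstat -tnp) names the process that opened it.
summarize_log() {
    awk '
        /IP\[/ {
            src = ""; dst = ""; spt = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (n < 2) continue
                if (kv[1] == "SRC") src = kv[2]
                else if (kv[1] == "DST") dst = kv[2]
                else if (kv[1] == "SPT") spt = kv[2]
                else if (kv[1] == "DPT") dpt = kv[2]
            }
            if (src != "" && dst != "") {
                key = src " " dst " " dpt
                count[key]++
                last[key] = spt
            }
        }
        END { for (k in count) print count[k], k, last[k] }
    ' | sort -rn
}

# Constructed sample of what the RESTRICT-HOST and INPUT LOG rules write to the
# kernel log (iptables LOG field layout; all values invented).
SAMPLE_LOG='kernel: IP[FWD-ANY(out)]: IN=br0 OUT=eth1 SRC=192.168.1.100 DST=104.16.91.188 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=50412 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
kernel: IP[FWD-ANY(out)]: IN=br0 OUT=eth1 SRC=192.168.1.100 DST=104.16.91.188 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=50412 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
kernel: IP[FWD-ANY(out)]: IN=br0 OUT=eth1 SRC=192.168.1.100 DST=104.16.89.188 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4713 DF PROTO=TCP SPT=50413 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
kernel: IP[IN]: IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0'

demo_summary() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_log
}

# Without arguments the script only prints the rules; "apply" executes them.
proxy_redirect_rules "${1:-print}"
demo_summary
```

On a live router, feed the summariser the real log instead of the sample, e.g. `grep 'IP\[' /var/log/messages | summarize_log`. Note that the REDIRECT only helps for port 80: anything on 443 from the restricted host still ends in RESTRICT-HOST's REJECT, and the LOG line's SRC/SPT pair remains the quickest way to trace it back to a process on the LAN machine.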