RE: Iptables squid and windows update :-(

Just for a test, run netstat -an on one of the clients while it's scanning
and see if it's using a diff port or something. Post the results.

-----Original Message-----
From: Harry Hoffman [mailto:hhoffman@xxxxxxxxxxxxxxxx] 
Sent: Wednesday, January 14, 2004 4:44 PM
To: Red Hat Support List
Subject: Iptables squid and windows update :-(


Hi Everyone,

I'm setting up a proxy using:

RH9.0, squid, squidGuard, and iptables to transparently proxy my users. For
the most part it works well. If the domains aren't in the allowed list then
the request gets proxied to a local webserver with a page explaining why.

However, I would like my users to get out to windowsupdate.microsoft.com,
and currently they can. But when they click on the "Scan for updates" button
the page displays "Scanning for updates...0% complete" and just hangs.

Below are my iptables rules from an iptables-save. If anyone can help I'd
greatly appreciate it :-)

# Generated by iptables-save v1.2.7a on Wed Jan 14 11:47:58 2004
*nat
:PREROUTING ACCEPT [2666:431887]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Wed Jan 14 11:47:58 2004
# Generated by iptables-save v1.2.7a on Wed Jan 14 11:47:58 2004
*filter
:INPUT DROP [18429:3078459]
:FORWARD DROP [94:35034]
:OUTPUT DROP [7:532]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth2 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Jan 14 11:47:58 2004


Thanks,
Harry

-- 
Harry Hoffman
hhoffman@xxxxxxxxxxxxxxxx

#----------------------------------------------------------------#
# Harry: version 4.0a                                            #
# Known bugs:                                                    #
# 1) Verbal output may occur before data processing is complete. #
# 2) Loudspeaker option may activate without being invoked.      #
# 3) Other bugs as reported                                      #
#----------------------------------------------------------------#

-------------------------------------------------
This mail sent through IpSolutions: http://www.ip-solutions.net/


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
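
Added example, not part of the original thread: a Python sketch that takes the netstat -an check suggested in the reply and classifies each client connection against the nat and FORWARD rules quoted in the post. The netstat rows are a constructed sample, and the function names are hypothetical.

```python
import re

# Rule lines from the post's iptables-save output; its FORWARD policy is DROP.
RULES = """\
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
-A FORWARD -o eth2 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

# Constructed sample of Windows `netstat -an` output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:1045      198.51.100.10:80       ESTABLISHED
  TCP    192.168.1.20:1046      198.51.100.11:443      ESTABLISHED
  TCP    192.168.1.20:1047      198.51.100.12:8080     SYN_SENT
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
"""

def redirected_ports(rules):
    """Map each TCP destination port caught by a REDIRECT rule to its target port."""
    ports = {}
    for line in rules.splitlines():
        m = re.search(r"-p tcp .*--dports? (\S+) -j REDIRECT --to-ports? (\d+)", line)
        for spec in m.group(1).split(",") if m else []:
            lo, _, hi = spec.partition(":")  # multiport also allows lo:hi ranges
            ports.update(dict.fromkeys(range(int(lo), int(hi or lo) + 1), int(m.group(2))))
    return ports

def forward_accepts_new_tcp(rules):
    """True if some FORWARD ACCEPT rule could match a NEW TCP connection."""
    for line in rules.splitlines():
        is_accept = line.startswith("-A FORWARD") and line.endswith("-j ACCEPT")
        other_proto = "-p udp" in line or "-p icmp" in line
        stateful_only = "--state" in line and "NEW" not in line
        if is_accept and not other_proto and not stateful_only:
            return True
    return False

def classify(netstat, rules):
    """Return (remote, state, verdict) for each non-listening TCP row of netstat -an."""
    redir, fwd = redirected_ports(rules), forward_accepts_new_tcp(rules)
    out = []
    for fields in (row.split() for row in netstat.splitlines()):
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] != "LISTENING":
            port = int(fields[2].rsplit(":", 1)[1])
            verdict = ("redirected to local port %d" % redir[port] if port in redir
                       else "forwarded" if fwd else "dropped by FORWARD policy")
            out.append((fields[2], fields[3], verdict))
    return out
```

With the rules as posted, a new client connection to any TCP port other than 80 or 443 is dropped in FORWARD, so it shows up in netstat stuck in SYN_SENT.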

