Just for a test, run netstat -an on one of the clients while it's scanning and see if it's using a diff port or something. Post the results.

-----Original Message-----
From: Harry Hoffman [mailto:hhoffman@xxxxxxxxxxxxxxxx]
Sent: Wednesday, January 14, 2004 4:44 PM
To: Red Hat Support List
Subject: Iptables squid and windows update :-(

Hi Everyone,

I'm setting up a proxy using: RH9.0, squid, squidGuard, and iptables to transparently proxy my users.

For the most part it works well. If the domains aren't in the allowed list then the request gets proxied to a local webserver with a page explaining why.

However, I would like my users to get out to windowsupdate.microsoft.com, and currently they can. But when they click on the "Scan for updates" button the page displays "Scanning for updates...0% complete" and just hangs.

Below are my iptables rules from an iptables-save. If anyone can help I'd greatly appreciate it :-)

# Generated by iptables-save v1.2.7a on Wed Jan 14 11:47:58 2004
*nat
:PREROUTING ACCEPT [2666:431887]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Wed Jan 14 11:47:58 2004
# Generated by iptables-save v1.2.7a on Wed Jan 14 11:47:58 2004
*filter
:INPUT DROP [18429:3078459]
:FORWARD DROP [94:35034]
:OUTPUT DROP [7:532]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth2 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Jan 14 11:47:58 2004

Thanks,
Harry

--
Harry Hoffman
hhoffman@xxxxxxxxxxxxxxxx
#----------------------------------------------------------------#
# Harry: version 4.0a                                            #
# Known bugs:                                                    #
# 1) Verbal output may occur before data processing is complete. #
# 2) Loudspeaker option may activate without being invoked.      #
# 3) Other bugs as reported                                      #
#----------------------------------------------------------------#

-------------------------------------------------
This mail sent through IpSolutions: http://www.ip-solutions.net/

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
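
Added example, not part of the thread: a small Python evaluator that reads the PREROUTING, INPUT and FORWARD rules posted above and reports what happens to a new TCP connection from a client on eth1 to a given destination port, which is the question the netstat check in the reply is meant to answer. It assumes clients sit behind eth1 and eth2 is the outside interface (as the REDIRECT and MASQUERADE rules suggest), handles only the match options that occur in the posted rules, and the names parse, first_match and fate are hypothetical.

```python
# Added example; rule lines copied from the message. Assumes LAN = eth1, WAN = eth2.
RULESET = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
*filter
:INPUT DROP [18429:3078459]
:FORWARD DROP [94:35034]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -o eth2 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse(text):
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, tok[0][1:])] = tok[1]
        elif line.startswith("-A"):
            # Assumes one argument per option, which holds for every posted rule.
            rules.setdefault((table, tok[1]), []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def first_match(chain_rules, dport, iface_in, iface_out):
    """First rule matching a NEW TCP packet, else None."""
    want = {"-i": iface_in, "-o": iface_out, "-p": "tcp"}
    for r in chain_rules:
        ports = r.get("--dports", r.get("--dport", str(dport))).split(",")
        states = r.get("--state", "NEW").split(",")
        if all(r.get(k, v) == v for k, v in want.items()) and str(dport) in ports and "NEW" in states:
            return r

def fate(dport, lan="eth1", wan="eth2"):
    """(chain, port, verdict) for a new TCP connection from a LAN client."""
    policies, rules = parse(RULESET)
    nat = first_match(rules.get(("nat", "PREROUTING"), []), dport, lan, None)
    chain, out = "FORWARD", wan
    if nat and nat["-j"] == "REDIRECT":
        # Redirected packets are delivered locally, so filter INPUT applies.
        chain, dport, out = "INPUT", int(nat["--to-port"]), None
    hit = first_match(rules.get(("filter", chain), []), dport, lan, out)
    return chain, dport, hit["-j"] if hit else policies[("filter", chain)]
```

Under these rules fate(80) and fate(443) both end at the local port 3128 listener, while a connection to any other TCP port falls through to the FORWARD policy, so the remote port shown by netstat -an on the client tells you which of the two paths the scan is taking.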