Henrik Nordstrom wrote:

> On Thu, 12 May 2005, Chris Robertson wrote:
>
>>> I need a rule in Iptables to block that port from external inquiry; only
>>> Squid, on the same machine, should be able to see it. How do I do that?
>>
>> Something like:
>>
>> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>
> Good, except that for practical reasons it needs to go into the nat table
> just before the REDIRECT rule.
>
> iptables -t nat -I PREROUTING -i eth0 --dport 3128 -j DROP
>
> Regards
> Henrik

Thank you for your answer, Henrik.

OK, so I now have this:

#redirect to squid
iptables -t nat -I PREROUTING -i eth1 -p TCP --dport 3128 -j DROP
iptables -A PREROUTING -t nat -p TCP --dport 80 -j REDIRECT --to-port 3128

I inserted a "-p TCP", otherwise I get an error. I also changed -I to -A, but in either case I still get

3128/tcp filtered squid-http

when I run nmap from another machine. I want 3128 to be invisible.

Thanks,
Niels
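The following is an added model of the packet path, not code from the thread, showing why Henrik moves the block from filter INPUT into nat PREROUTING: REDIRECT rewrites the destination port before filter INPUT runs, so an INPUT rule on tcp/3128 also kills the redirected port-80 traffic. It assumes eth1 is the external interface (as in Niels's script) and adds `-p tcp` to Chris's rule, since `--dport` needs it; the packets and rule objects are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    target: str                      # DROP, REJECT or REDIRECT
    in_iface: Optional[str] = None   # -i
    proto: Optional[str] = None      # -p
    dport: Optional[int] = None      # --dport
    to_port: Optional[int] = None    # --to-port (REDIRECT only)

    def matches(self, pkt: Packet) -> bool:
        wanted = ((self.in_iface, pkt.in_iface), (self.proto, pkt.proto), (self.dport, pkt.dport))
        return all(want is None or want == have for want, have in wanted)

def walk(chain: List[Rule], pkt: Packet) -> Tuple[str, Packet]:
    """Traverse one chain top to bottom; the first matching terminating target wins."""
    for rule in chain:
        if rule.matches(pkt):
            if rule.target == "REDIRECT":          # rewrite dport, traversal of this chain ends
                return "ACCEPT", replace(pkt, dport=rule.to_port)
            return rule.target, pkt
    return "ACCEPT", pkt                            # chain policy ACCEPT

def deliver(nat_prerouting: List[Rule], filter_input: List[Rule], pkt: Packet) -> Tuple[str, Packet]:
    """nat PREROUTING runs first and may rewrite dport; filter INPUT sees the rewritten packet."""
    verdict, pkt = walk(nat_prerouting, pkt)
    if verdict != "ACCEPT":
        return verdict, pkt
    return walk(filter_input, pkt)

EXT = "eth1"                        # assumption: external interface
SCAN = Packet(EXT, "tcp", 3128)     # constructed: an external probe of the Squid port
WEB = Packet(EXT, "tcp", 80)        # constructed: a client web request that Squid should proxy

# Chris's first suggestion: REDIRECT in nat, block 3128 in filter INPUT.
CHRIS = dict(nat_prerouting=[Rule("REDIRECT", proto="tcp", dport=80, to_port=3128)],
             filter_input=[Rule("REJECT", in_iface=EXT, proto="tcp", dport=3128)])
# Henrik's correction: DROP in nat PREROUTING just before the REDIRECT, nothing in INPUT.
HENRIK = dict(nat_prerouting=[Rule("DROP", in_iface=EXT, proto="tcp", dport=3128),
                              Rule("REDIRECT", proto="tcp", dport=80, to_port=3128)],
              filter_input=[])

def results(cfg: dict) -> dict:
    """Verdicts for the port scan and for a normal web request under one rule set."""
    return {"scan": deliver(pkt=SCAN, **cfg)[0], "web": deliver(pkt=WEB, **cfg)}
```

With Chris's placement the scan is rejected but the redirected web request is rejected as well (INPUT sees it as dport 3128); with Henrik's placement the scan is dropped and the web request reaches Squid on 3128.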