On Thu, Aug 02, 2007 at 02:26:07PM -0300, Harlei Liguori wrote:
> My current rule set test is:
>
> #!/bin/bash
>
> ### Allow the internal network ###
> iptables -A INPUT -s 10.15.192.0/22 -p tcp --dport 3128 -j ACCEPT
>
> ### Allow SSH access ###
> iptables -A INPUT -s 10.15.192.7 -p tcp --dport 22 -j ACCEPT
>
> ### Block all other access ###
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
>
> it is only to try to allow access on tcp port 3128 and the ssh port 22 and
> drop all other ports, but it does not work...

Let's start with that :

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Assuming you are running squid as a transparent proxy for http traffic only.

First of all, you have to redirect web traffic to port 3128.

iptables -t nat -A PREROUTING -p tcp \
	--dport 80 -j REDIRECT --to-port 3128

Then, you have to allow incoming traffic to port 3128 since web traffic is
redirected here.

iptables -A INPUT -p tcp --syn --dport 3128 -j ACCEPT

At the end, you have to allow outgoing traffic from your proxy to the Internet :

iptables -A OUTPUT -p tcp --syn --dport 80 -j ACCEPT

This is just an example, as I did not care about interfaces.

Hope it helps.

-- 
Franck Joncourt
http://www.debian.org - http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE