
Re: Squid and mail...



[Please wrap your lines!  It makes it much easier to read, and thus more likely
that you'll get a response.  Anywhere between 70 and 80 is acceptable; 72 seems
to be a nice value.]

On Tue, Feb 18, 2003 at 02:43:49AM -0000, vdemart@supereva.it wrote:
> 
> Under Debian 3 I've set up a small server working as a router of a dsl
> connection. For this reason I have a firewall like this:
> .............
> IPTABLES=/sbin/iptables
> DEPMOD=/sbin/depmod
> INSMOD=/sbin/modprobe
> EXTIF="ppp0"
> INTIF="eth1"
> .........
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -F INPUT 
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -F OUTPUT 
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD 
> $IPTABLES -t nat -F
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

> 
> Now, I want to protect the internet connection from access to any
> undesired site (children, you know?) but at the same time I'd like to
> continue receiving my mail and frequenting newsgroups.  I've been
> trying to set up squid on the same server but I could no longer
> access my pop3, smtp and the NGs (putting of course echo "0" >
> /proc/sys/net/ipv4/ip_forward) from the client.  

Squid is only an HTTP (and sometimes SSL/HTTP and FTP) proxy; it doesn't
know about any of those other protocols.  A SOCKS proxy (in addition to
squid) would work better.  Or you could just leave ip forwarding enabled
and transparently proxy port 80, but that's considered Evil.  Google
will be able to help you with both 'socks proxy' (as will apt-cache
search) and 'transparent proxy squid iptables'.

> Being a bit inexperienced, could you please give me detailed
> instructions on how to succeed in my purpose?

It'd take a while and I'd still not do as good a job as other people
already have; Google knows all :)

-- 
Rob Weir <rweir@ertius.org>				http://ertius.org/
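
The second option from the reply (keep ip forwarding on, intercept only port 80), sketched as an added example that is not part of the original thread or written by either poster. It assumes squid listens on port 3128 on the router and is already configured for transparent operation; the interface names are the ones from the quoted script, and `proxy_rules`, `run`, `APPLY` and `SQUID_PORT` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules by default;
# set APPLY=1 (as root) to apply them after the quoted firewall script.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-ppp0}             # DSL side, from the quoted script
INTIF=${INTIF:-eth1}             # LAN side, from the quoted script
SQUID_PORT=${SQUID_PORT:-3128}   # assumption: squid's listening port

# Dry-run wrapper: echo the command unless APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

proxy_rules() {
    # Only HTTP from the LAN is diverted to the local squid. POP3 (110),
    # SMTP (25) and NNTP (119) are untouched: they keep using the
    # existing FORWARD and MASQUERADE rules, so ip_forward must stay 1.
    run $IPTABLES -t nat -A PREROUTING -i "$INTIF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # The quoted script sets INPUT to ACCEPT, which would leave squid
    # reachable from the internet. Drop connections to it on the DSL
    # side; redirected LAN traffic arrives on $INTIF and is unaffected.
    run $IPTABLES -A INPUT -i "$EXTIF" -p tcp --dport "$SQUID_PORT" \
        -j DROP
}

proxy_rules
```

Only port 80 is intercepted here, so HTTPS and web servers on other ports still pass through the FORWARD chain unfiltered.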
