Hello all, netfilter!
For using Squid with a firewall and masq, does it need 4 rules, if the
default policy is DROP?
            eth1 int_ip                 eth0 ext_ip
                 |       FIREWALL       |
   1.-->>        |                      |  -->>3.
USER             |                      |           INET
   4.<<--        |     SQUID(3128)      |  <<--4.
                 |                      |
1. user request. It will be:
iptables -t nat -A PREROUTING -i eth1 -s USER -p tcp --dport 80 -j DNAT --to int_ip:3128
2. allow Squid to get out from the firewall
iptables -A OUTPUT -o eth0 -s ext_ip -p tcp --dport 80 -j ACCEPT
3. allow packets from the www server to come to Squid
iptables -A INPUT -i eth0 -d ext_ip -p tcp --sport 80 -j ACCEPT
4. allow Squid's answer to the user
iptables -A OUTPUT -o eth1 -s int_ip -p tcp --sport 3128 -j ACCEPT
Is my head thinking in the right direction?
I work on the firewall with the rule: what is not permitted is DROPPED.
And I make a rule for every step in long connections.
P.S. I wrote these rules from my understanding of how local processes such
as SQUID work. :-) and I may have made some mistakes in them.
Thanks!
-- Best regards, Leo mailto:leoru@rbcmail.ru
Received on Thu Feb 28 2002 - 14:31:45 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST
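As an added example (not part of Leo's post or of the Squid project), the script below generates the full rule set for the four steps in the post on a firewall whose default policy is DROP. It goes a little beyond the post in two ways: every accept rule is tied to connection state, so the Internet side can only send replies to connections Squid itself opened, and it spells out why step 4 must match Squid's own port 3128 rather than port 80. In the filter OUTPUT chain the reply from Squid still has source int_ip:3128; the DNAT from step 1 is only reversed later, in POSTROUTING, so a `--sport 80` match there never fires and the default DROP policy silently eats the answer. Interface names follow the post; the addresses, the LAN network and the `IPT` dry-run variable are constructed assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables rule set for a
# transparent Squid proxy on a default-DROP firewall.
# eth1/int_ip face the users, eth0/ext_ip face the Internet, as in the post.
# With IPT unset the rules are printed; run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
LAN_IF=eth1;  INT_IP=192.0.2.1        # constructed example addresses (RFC 5737 ranges)
WAN_IF=eth0;  EXT_IP=198.51.100.1
LAN_NET=192.0.2.0/24                  # constructed: the USER network from the post
SQUID_PORT=3128

squid_rules() {
    # Default deny on every chain of the filter table.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Step 1: rewrite the user's port-80 request so it lands on the local Squid.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j DNAT --to-destination "$INT_IP:$SQUID_PORT"
    # After the DNAT the packet is delivered locally, so it crosses INPUT (not FORWARD)
    # and the filter already sees the rewritten destination port.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -d "$INT_IP" -p tcp --dport "$SQUID_PORT" \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Step 2: Squid opens its own connection to the origin web server.
    $IPT -A OUTPUT -o "$WAN_IF" -s "$EXT_IP" -p tcp --dport 80 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # Step 3: replies from the web server, but only for connections Squid started.
    $IPT -A INPUT -i "$WAN_IF" -d "$EXT_IP" -p tcp --sport 80 \
        -m state --state ESTABLISHED -j ACCEPT

    # Step 4: Squid answers the user. In filter OUTPUT the reply still carries
    # Squid's source port; the DNAT is undone afterwards in POSTROUTING, so the
    # match must be --sport 3128, not --sport 80.
    $IPT -A OUTPUT -o "$LAN_IF" -s "$INT_IP" -d "$LAN_NET" -p tcp --sport "$SQUID_PORT" \
        -m state --state ESTABLISHED -j ACCEPT
}

# Count the emitted rules containing a given fragment; used to check the generator.
rule_count() {
    squid_rules | grep -c -- "$1"
}

squid_rules
```

The ruleset deliberately covers only the four TCP steps from the post. Squid also needs to resolve names, so a UDP/53 rule for its DNS lookups, and any rule for traffic on `lo`, has to be added separately, and Squid itself must be configured to accept intercepted requests for step 1 to work at all.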