> My current rule set test is:
>
> #!/bin/bash
>
> ### Allow the internal network ###
> iptables -A INPUT -s 10.15.192.0/22 -p tcp --dport 3128 -j ACCEPT
>
> ### Allow SSH access ###
> iptables -A INPUT -s 10.15.192.7 -p tcp --dport 22 -j ACCEPT
>
> ### Block all other access ###
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
>
> It is only meant to allow access on TCP port 3128 and the SSH port 22 and
> drop all other ports, but it does not work...
>
Let's start with this:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Assuming you are running squid as a transparent proxy for http traffic
only.
First of all, you have to redirect web traffic to port 3128.
iptables -t nat -A PREROUTING -p tcp \
--dport 80 -j REDIRECT --to-port 3128
Then, you have to allow incoming traffic to port 3128 since web traffic
is redirected here.
iptables -A INPUT -p tcp --syn --dport 3128 -j ACCEPT
At the end, you have to allow outgoing traffic from your proxy to the
Internet:
iptables -A OUTPUT -p tcp --syn --dport 80 -j ACCEPT
This is just an example, as I did not care about interfaces.
Hope it helps.
--
Franck Joncourt
http://www.debian.org - http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
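The two pieces the original rule set was missing are the stateful accept for RELATED,ESTABLISHED traffic (without it, the replies to Squid's own outbound fetches are dropped on INPUT) and the nat PREROUTING redirect that actually sends port 80 traffic to Squid. The script below is an added example, not the original poster's script nor Franck's, that puts both into one complete rule set with default DROP policies. The network values (10.15.192.0/22 as the LAN, 10.15.192.7 as the admin host) are taken from the thread; the interface names LAN_IF and WAN_IF are assumptions, and the default DNS/HTTPS egress rules are an assumption about what Squid needs to reach upstream. By default the script only prints the commands (IPT defaults to "echo iptables"); run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: complete filter + nat rule set for a transparent Squid proxy.
# Not the original poster's script nor Franck's; values below are assumptions.
LAN_NET="${LAN_NET:-10.15.192.0/22}"     # from the thread
ADMIN_HOST="${ADMIN_HOST:-10.15.192.7}"  # from the thread
LAN_IF="${LAN_IF:-eth1}"                 # hypothetical interface name
WAN_IF="${WAN_IF:-eth0}"                 # hypothetical interface name
# Dry run by default: print the commands instead of executing them.
IPT="${IPT:-echo iptables}"

firewall_rules() {
    # Start from a clean slate and make DROP the default in every chain,
    # so anything not explicitly accepted below is dropped.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback: Squid and the local resolver talk to 127.0.0.1.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Stateful rules: replies to connections we accepted pass in both directions.
    # This is what the original rule set lacked, so Squid's upstream replies died.
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # SSH only from the admin host, only on the LAN interface.
    $IPT -A INPUT -i "$LAN_IF" -s "$ADMIN_HOST" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Transparent proxy: rewrite LAN web traffic to Squid's port 3128,
    # then accept the (already redirected) connections on INPUT.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-port 3128
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 3128 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Squid's own outbound fetches: HTTP (and HTTPS for CONNECT) plus DNS.
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

    # Anything reaching the end of INPUT hits the DROP policy; log it
    # (rate limited) so blocked traffic shows up in the kernel log.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
}

firewall_rules
```

Two design points: rules are scoped to an interface and a source network, so a port-80 packet arriving on the WAN side is never redirected into Squid, and FORWARD stays at DROP because a transparent proxy terminates the client connection itself and should not route packets. HTTPS is deliberately not redirected; intercepting it is a separate (and much more involved) setup that this thread does not cover.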