Dario Pilori wrote:
> 2009/1/4 Roberto Macchetta <roby.program...@fastwebnet.it>:
>
>> [cut]
>> Change these two rules into the rule:
>> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT
>> --to-port $SQUID_PORT
>>
>> And add the rule
>> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>>

Hi, I modified the script as you indicated:

#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.0.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# DNAT port 80 request coming from LAN systems to squid 3128
#($SQUID_PORT) aka transparent proxy
#iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
#iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# taken from the newsgroup
#iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

I ran the script and then tried to connect from the laptop, but it still doesn't work; it's the same as before, I still have to set the proxy by hand. Do you need me to post some configuration file (iptables output or anything else)? I don't understand why it doesn't work...

-- 
Nobuteru
Linux Registered User #368935 since 01-10-2004
Powered by Debian Lenny
GPG Key fingerprint 0061 6CE8 02EB 0CAA 16E2 7ECD 1AC4 32A2 C30B A8ED
Jabber ID nobut...@jabber.org
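
Added example, not part of the original message or of the script above: a check on the iptables output the message offers to post. It reads `iptables-save -c` output and reports how many packets have matched the port-80 REDIRECT rule on the LAN interface; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample data are constructed.
# On the gateway, as root:  iptables-save -c | diagnose eth1 80

# redirect_hits IFACE DPORT: read `iptables-save -c` on stdin, print the packet
# count of matching nat PREROUTING REDIRECT rules, or "missing" if none exist.
redirect_hits() {
    awk -v ifc="$1" -v dport="$2" '
        /^\*/ { table = substr($0, 2) }            # "*nat" opens a table
        table == "nat" && / -A PREROUTING / && / -j REDIRECT / {
            if (index($0, " -i " ifc " ") && index($0, " --dport " dport " ")) {
                n = $1                             # "[pkts:bytes]"
                sub(/^\[/, "", n); sub(/:.*/, "", n)
                hits += n; found = 1
            }
        }
        END { if (found) print hits + 0; else print "missing" }
    '
}

# diagnose IFACE DPORT: turn the counter into a statement about where to look.
diagnose() {
    hits=$(redirect_hits "$1" "$2")
    case "$hits" in
        missing) echo "no REDIRECT rule for $1 port $2 is loaded" ;;
        0) echo "rule loaded, 0 packets matched: port $2 traffic is not arriving on $1" ;;
        *) echo "rule matched $hits packets: traffic is being redirected to the proxy port" ;;
    esac
}

# Constructed sample in iptables-save -c format (not from the poster's machine).
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [5:300]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
[0:0] -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[7:420] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
[3:180] -A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}

sample_dump | diagnose eth1 80
```

A count that stays at 0 while the laptop browses means its HTTP packets never enter the gateway on that interface (or the browser is still pointed at a manual proxy); a rising count moves the investigation to the proxy side.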