Hi
I have been trying for a while to install iptables with a
transparent proxy, but it is not working.
I installed iptables and that's OK, but I need a
transparent proxy because I have a few HTTP servers.
Here are the results of: iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere             to:192.114.206.30

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

###################################################################
Here is my iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  anywhere             anywhere
icmp_packets  icmp --  anywhere             anywhere
tcp_packets  tcp  --  anywhere             anywhere
udpincoming_packets  udp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             192.168.0.255
ACCEPT     all  --  localhost.localdomain  anywhere
ACCEPT     all  --  192.168.0.1          anywhere
ACCEPT     all  --  alexis.macam.ac.il   anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             alexis.macam.ac.il   state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level alert prefix `IPT INPUT packet died: '

Chain FORWARD (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             192.168.0.0/24
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level alert prefix `IPT FORWARD packet died: '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  anywhere             anywhere
ACCEPT     all  --  localhost.localdomain  anywhere
ACCEPT     all  --  192.168.0.1          anywhere
ACCEPT     all  --  alexis.macam.ac.il   anywhere
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 3 LOG level alert prefix `IPT OUTPUT packet died: '

Chain allowed (5 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere

Chain bad_tcp_packets (3 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere             tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn:'
DROP       tcp  --  anywhere             anywhere             tcp flags:!SYN,RST,ACK/SYN state NEW
DROP       all  --  192.168.0.0/16       anywhere
DROP       all  --  10.0.0.0/8           anywhere
DROP       all  --  172.16.0.0/12        anywhere

Chain icmp_packets (1 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded

Chain tcp_packets (1 references)
target     prot opt source               destination
allowed    tcp  --  anywhere             anywhere             tcp dpt:ftp
allowed    tcp  --  anywhere             anywhere             tcp dpt:ssh
allowed    tcp  --  anywhere             anywhere             tcp dpt:http
allowed    tcp  --  anywhere             anywhere             tcp dpt:auth
allowed    tcp  --  anywhere             anywhere             tcp dpt:squid

Chain udpincoming_packets (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     udp  --  anywhere             anywhere             udp spt:2074
ACCEPT     udp  --  anywhere             anywhere             udp spt:4000

And I add my squid.conf
Thanks in advance
Nir Cohen
