Re: [squid-users] NAT on suse linux 10.0

amit ash Tue, 24 Jan 2006 17:01:09 -0800

On 24 Jan 2006 23:14:28 -0000, amit ash<[EMAIL PROTECTED]> wrote:


Hi,

I have just installed and configured Squid proxy service on Suse

Linux 10.0. It is working fine but I also need to configure NATso

that my users can download their emails in Outlook. To achieve
that I have added these lines in the "/etc/sysctl.conf"

net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT

But still the NAT doesnt work on this server. Please direct meand

thanks in advance.

Amit Ash



What iptables -L -n says?

--
::DAMK::

------------

I am attaching the output of the command in the txt file in thismail.


Amit.

Amit Ash
IT Dept.
Excel Infoways Pvt Ltd.

Work: +91-022-26394246
Fax:  +91-022-26394248
Cell: +91- 9892619518

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED
input_ext  all  --  0.0.0.0/0            0.0.0.0/0           policy match dir 
in pol ipsec proto 50
input_int  all  --  0.0.0.0/0            0.0.0.0/0
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
flags:0x06/0x02 TCPMSS clamp to PMTU
forward_ext  all  --  0.0.0.0/0            0.0.0.0/0           policy match dir 
in pol ipsec proto 50
forward_int  all  --  0.0.0.0/0            0.0.0.0/0
forward_ext  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state 
NEW,RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (2 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 18
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3 code 2
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 5
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDext-DROP-DEFLT-INV '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain forward_int (1 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 18
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3 code 2
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 5
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-FWDint-DROP-DEFLT-INV '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_ext (3 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 18
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 3 code 2
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state 
RELATED,ESTABLISHED icmp type 5
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix 
`SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
reject_func  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:113 
state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min 
burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_int (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain reject_func (1 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with 
tcp-reset
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           reject-with 
icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with 
icmp-proto-unreachable
linux:~ #

Re: [squid-users] NAT on suse linux 10.0

Reply via email to