[K12OSN] iptables and prerouting for squid
KJ
ksj2010 at myrealbox.com
Fri Nov 19 15:39:44 UTC 2004
Hi Cory,
I have managed to stop my clients from communicating, but unfortunately
it was with anything at all. I took the eth0 out of the trusted devices
list, then I couldn't boot.
I stopped forwarding, however I can still get to the internet.
Here is the output of the requested commands:
----------------------
[root at LTSP root]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source        destination
RH-Firewall-1-INPUT  all  --  anywhere      anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source        destination
RH-Firewall-1-INPUT  all  --  anywhere      anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source        destination

Chain RH-Firewall-1-INPUT (2 references)
target               prot opt source        destination
ACCEPT     all  --  anywhere      anywhere
ACCEPT     all  --  anywhere      anywhere
ACCEPT     icmp --  anywhere      anywhere      icmp any
ACCEPT     ipv6-crypt--  anywhere      anywhere
ACCEPT     ipv6-auth--  anywhere      anywhere
ACCEPT     all  --  anywhere      anywhere      state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere      anywhere      state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere      anywhere      state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere      anywhere      state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere      anywhere      state NEW tcp dpt:2022
REJECT     all  --  anywhere      anywhere      reject-with icmp-host-prohibited
[root at LTSP root]#
--------------------------------------
[root at LTSP root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source        destination
REDIRECT   tcp  --  anywhere      anywhere      tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source        destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source        destination
[root at LTSP root]#
-------------------------------------
My system is accessible to the outside via SSH.
Thanks again for your help.
KJ
On Thu, 2004-11-18 at 20:39, Cory Cartwright wrote:
> Hi KJ,
> I was going to try to recreate what you have, but my servers are not
> being cooperative. It seems the physical stuff is fine, as you can boot
> and get to the Internet. I think from here I would try to "break" my
> ability of my thin client to reach the other network. Maybe start by
> turning off forwarding? echo 0 > /proc/sys/net/ipv4/ip_forward
>
> What is the output of iptables -nat -L and iptables -L?
> Is this system accessible to the outside via ssh?
>
> Cory
>
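The rule set KJ is working toward, written out as an added example that is not part of this thread or of any K12OSN/LTSP package. It assumes eth0 faces the thin clients (the "trusted device" in the post), eth1 faces the Internet, the client subnet is 192.168.0.0/24 and squid listens on 3128; all of those names and addresses are assumptions. Two points it addresses that the listings above leave open: the post's REDIRECT rule shows "anywhere anywhere" with no interface match (although plain `iptables -L` hides interface matches; `iptables -L -v -n` shows the in/out columns), so the example restricts the redirect to the client interface, and instead of relying on the global `ip_forward` switch it sets the FORWARD policy to DROP and logs any client traffic that tries to bypass the proxy, so bypass attempts show up in the kernel log. The script only prints the iptables commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the K12OSN thread): minimal transparent-squid
# rules for an LTSP-style server. Interface names, subnet and port below
# are assumptions; adjust them to the real box.
LAN_IF="${LAN_IF:-eth0}"              # faces the thin clients
WAN_IF="${WAN_IF:-eth1}"              # faces the Internet
LAN_NET="${LAN_NET:-192.168.0.0/24}"  # thin-client subnet
SQUID_PORT="${SQUID_PORT:-3128}"      # squid http_port

# ipt: print the command in dry-run mode (default), execute it when APPLY=1.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# gen_rules: emit the rule set in order. The REDIRECT lives in nat/PREROUTING,
# which runs before the routing decision, so redirected HTTP becomes local
# INPUT traffic for squid and never reaches FORWARD; everything else the
# clients send towards the Internet does reach FORWARD and is dropped there.
gen_rules() {
    # 1. Transparent proxy: port-80 traffic arriving on the client interface
    #    is handed to squid on this host. Matching on -i keeps the redirect
    #    from being reachable from the WAN side.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # 2. Let squid accept the redirected connections, client side only.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" \
        -m state --state NEW -j ACCEPT

    # 3. No direct client-to-Internet forwarding: default-deny, allow replies
    #    to anything already established, and log what the clients try to
    #    push past the proxy before dropping it.
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j LOG --log-prefix "LTSP-FWD-DROP:"
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
}

# rule_count: number of iptables commands gen_rules emits (dry-run check).
rule_count() {
    gen_rules | wc -l | tr -d ' '
}

gen_rules
```

Run it once without APPLY to read the commands, then with `APPLY=1` as root. Squid's own upstream fetches originate on the server, so they travel OUTPUT/POSTROUTING rather than FORWARD and are unaffected by the DROP policy; the `echo 0 > /proc/sys/net/ipv4/ip_forward` switch mentioned above is the coarser version of step 3, with the difference that it leaves no log trail of what the clients attempted.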