hello agian
now i come whit a problem on my iptables whit the internal lan and it permisions to access the service that of http, ftp and mail.
I have configure my servers of vsftpd, httpd and squiremail. The problem is that my internal lan connected to my server that working as transparent proxy squid and as webserver to the internet can not access this service, in other words, when i put in firefox
www.cdeonline.net (my domain) on one of the lan machines it does not open, and stay waiting for the server, first i though it was a problem on my config, so i asked a friend in EE.UU. to tray and open it, he says it works fine, but for my lan and my server, when i tray to access
www.cdeonline.net it does not open, it says it is wayting to the server of cdeonline.net. When i tray to access the ftp server it just stay loading and nothing more.
Please i add my iptables scrip so you can tell me whats wrong whit it, i think it should work but it is not... :P please, some one can help?
Code:
#!/bin/bash
#Internet
EXT_DEV="eth1"
EXT_NET="1.1.1.1/30"
EXT_IP="1.1.1.3"
#LAN
INT_DEV="eth0"
INT_NET="192.168.1.0/24"
INT_IP="192.168.1.254"
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -s 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -i $INT_DEV -s $INT_NET -j ACCEPT
iptables -A OUTPUT -o $INT_DEV -s $INT_NET -j ACCEPT
iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
iptables -A FORWARD -i $INT_DEV -s $INT_NET -o $EXT_DEV -j ACCEPT
iptables -t nat -A PREROUTING -i $INT_DEV -s $INT_NET -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j SNAT --to-source $EXT_IP
iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 53 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 20 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 21 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 636 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 993 -j ACCEPT
the solution was te DNAT of the ip to the internal ip. another problem resolve 
