LinuxQuestions.org
Old 08-31-2005, 06:48 AM   #1
alan.belizario
LQ Newbie
 
Registered: Mar 2005
Location: Philippines
Posts: 16

Rep: Reputation: 0
Can't use ymessenger and limewire


Can you guys help? I recently made a squid proxy server running on Fedora Core 4. I'm having problems connecting my ymessenger and limewire. I can't seem to access both applications through the net. I disabled SELinux and made an iptables script. Even if I turn off iptables these applications won't run; it's always disconnected.


Iptables script

#!/bin/sh

LAN="eth1"
INTERNET="eth0"
IPTABLES="/sbin/iptables"


#tmtli firewall

# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# Log packets with impossible source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Flush all chains
$IPTABLES --flush

# Allow unlimited traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A FORWARD -i lo -j ACCEPT

# Set default policies
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
$IPTABLES --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming port 22 (ssh) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 22 -m state \
--state NEW -j DROP

# Allow incoming port 3128 (squid) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 3128 -m state \
--state NEW -j ACCEPT

# Allow ICMP ECHO REQUESTS on LAN interface
$IPTABLES -A INPUT -i $LAN -p icmp --icmp-type echo-request -j ACCEPT

# Allow DNS resolution
$IPTABLES -A OUTPUT -o $INTERNET -p udp --destination-port 53 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 53 -m state \
--state NEW -j ACCEPT

# Allow ntp synchronization
$IPTABLES -A OUTPUT -o $INTERNET -p udp --destination-port 123 -m state \
--state NEW -j ACCEPT

# Allow Squid to proxy http and https

$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 80 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 443 -m state \
--state NEW -j ACCEPT

$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 5190 -m state \
--state NEW -j ACCEPT

$IPTABLES -A INPUT -i $WEBSERVER -p tcp --destination-port 80 -m state \
--state NEW -j ACCEPT

echo goodbye!
#exit

Thanks
 
Old 09-04-2005, 01:32 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'm not 100% sure, but I don't believe limewire will work with squid. Have you tried simply forwarding the limewire traffic out of your LAN and then Masquerading/SNATing the traffic as it leaves the gateway?
Like this:
iptables -A FORWARD -s $LAN -i $LAN_INTERFACE -p tcp --dport 6346 -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE -p tcp --dport 6346 -j SNAT --to-source X.X.X.X

where X.X.X.X is your external IP address of the firewall. If you have a dynamic IP address that can change, then use -j MASQUERADE instead.

On the other hand, I do believe that squid can be used to proxy ymessenger traffic. Try adding the ymessenger ports to your squid Safe_ports acl list
acl Safe_ports port 5050

Might want to try adding limewire port too, just to see if it will proxy the traffic (I doubt it though)
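
Added example, not part of either post: a dry-run generator for the forward-and-NAT approach suggested in reply #2, which also prints the two things that approach needs on a gateway whose FORWARD policy is DROP (kernel forwarding switched on, and a rule for return traffic). The function name, the LAN subnet and the external address are assumptions made for illustration; eth1/eth0 are taken from the first post.

```shell
#!/bin/sh
# Added example: prints (does not execute) the rules a gateway needs to route
# one TCP port past the proxy. Review the output, then pipe it to `sh` as root.

# gen_forward_rules LAN_NET LAN_IF EXT_IF PORT [EXT_IP]   (hypothetical helper)
#   EXT_IP given   -> SNAT to that static address
#   EXT_IP omitted -> MASQUERADE (dynamic external address)
gen_forward_rules() {
    lan_net=$1 lan_if=$2 ext_if=$3 port=$4 ext_ip=${5:-}

    # Refuse anything that is not a plain port number in range.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # The kernel will not route between interfaces unless this is set.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"

    # Replies to forwarded connections must also pass the FORWARD chain,
    # which has a DROP policy in the script from the first post.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New connections: only from the LAN subnet, arriving on the LAN
    # interface, leaving on the external one, to the single allowed port.
    echo "iptables -A FORWARD -s $lan_net -i $lan_if -o $ext_if -p tcp --dport $port -m state --state NEW -j ACCEPT"

    # Rewrite the private source address on the way out.
    if [ -n "$ext_ip" ]; then
        echo "iptables -t nat -A POSTROUTING -o $ext_if -p tcp --dport $port -j SNAT --to-source $ext_ip"
    else
        echo "iptables -t nat -A POSTROUTING -o $ext_if -p tcp --dport $port -j MASQUERADE"
    fi
}

# Constructed sample values: a made-up LAN subnet and a documentation-range
# external address; 6346 is the port named in reply #2.
gen_forward_rules 192.168.1.0/24 eth1 eth0 6346 203.0.113.10
```

Because the original script flushes only the filter table, rerunning it leaves earlier nat rules in place; `iptables -t nat --flush` clears them before the generated rules are applied again.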
 