I am setting up a new squid daemon to run on my server. I want to make sure that everyone inside my network can access squid but I want to make sure everyone on the internet is blocked.
eth0 is connected to my internal LAN via: 192.168.0.5/255.255.255.0
eth1 is connected to the internet via: 220.127.116.11/255.255.255.248
Squid listens on port 3124
So far I have the following script for my iptables.
iptables -t nat -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 3124 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Is this correct? Will this allow all my LAN users access to squid while blocking outward attempts from the net to my server?
Thanks in advance!