|
iptables - proxy not working
Hello,
My server is om Mandrake 10.1
eth0 is WAN with static IP connected to 512K DSL.
eth1 is LAN - 192.168.0.0/24.
I have the iptables rules :
# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Apr 26 14:50:01 2005
# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
*mangle
:PREROUTING ACCEPT [707:100355]
:INPUT ACCEPT [704:99811]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [541:74129]
:POSTROUTING ACCEPT [611:85191]
COMMIT
# Completed on Tue Apr 26 14:50:01 2005
# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 80 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 80 -j ACCEPT
-A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
-A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
-A INPUT -i eth0 -j DROP
-A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
-A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT --syn
-A OUTPUT -p udp --dport 53 --sport 1024: -j ACCEPT
-A OUTPUT -p tcp -m owner -o eth0 --dport 80 --sport 1024: --uid-owner squid -j ACCEPT --syn
COMMIT
# Completed on Tue Apr 26 14:50:01 2005
The problem is that with or without proxy settings in the browser
clients can connect to internet. Which I don't want.
What is the mistake in my rule that is not fully directing traffic
to port 3128..
Please feel free to correct the rules.
Thanks in advance
Varun
|
