Hello all.
I have one problem.
I set up iptables
eth0 = wan
eth1 = lan
Quote:
# Generated by iptables-save v1.3.6 on Wed Aug 6 12:09:55 2008
*raw
:PREROUTING ACCEPT [18213191:25442966124] :OUTPUT ACCEPT [9467742:611496802]
COMMIT
# Completed on Wed Aug 6 12:09:55 2008
# Generated by iptables-save v1.3.6 on Wed Aug 6 12:09:55 2008
*mangle
:PREROUTING ACCEPT [18213261:25443065732]
:INPUT ACCEPT [18119575:25413626148]
:FORWARD ACCEPT [93679:29429796]
:OUTPUT ACCEPT [10811351:690771701]
:POSTROUTING ACCEPT [9561634:640972690]
COMMIT
# Completed on Wed Aug 6 12:09:55 2008
# Generated by iptables-save v1.3.6 on Wed Aug 6 12:09:55 2008
*nat
:PREROUTING ACCEPT [8186:854674]
:POSTROUTING ACCEPT [477:63450]
:OUTPUT ACCEPT [2315:187997]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Aug 6 12:09:55 2008
# Generated by iptables-save v1.3.6 on Wed Aug 6 12:09:55 2008
*filter
:INPUT DROP [607:55082]
:FORWARD ACCEPT [93300:29398254]
:OUTPUT ACCEPT [8977470:584626333]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
COMMIT
# Completed on Wed Aug 6 12:09:55 2008
|
and squid as transparent proxy
All works fine but pages with ssl doesnt opening.
and email like gmail.com and mail with ssl or tsl (configured under Thunderbird).
skype is working and all other. i can`t connect to https (bank pages and other who uses ssl).
but when i set mozilla to use my proxy then https works.
but if i am connecting to https site from router with lynx then page can open.
router and squid is on same pc.
samba too.
iptables is saved from my old arch linux.
thanks.
EDIT:
when i am connecting to my production server via SSH, when enter command 'ps aux', in console prints some lines and putty gets connection timeout...