LinuxQuestions.org

adding firewalls nat rules (https://www.linuxquestions.org/questions/linux-newbie-8/adding-firewalls-nat-rules-836060/)

divyashree 10-04-2010 01:37 PM

Quote:

Originally Posted by sem007 (Post 4117247)
Add both IPs in the ACL rule in squid.conf.

Code:

acl mylan src 192.168.0.100 192.168.200.0/24

Enable IP forwarding.

Code:

# echo 1 > /proc/sys/net/ipv4/ip_forward
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

Flush the existing firewall and apply new rules.

Code:

# iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT
# iptables -A INPUT -i eth1 -j ACCEPT
# iptables -A OUTPUT -o eth1 -j ACCEPT
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.100:3128
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Regards,

No, still not, unless the port and IP are mentioned in the client's browser.

prayag_pjs 10-04-2010 11:32 PM

Quote:

Originally Posted by divyashree (Post 4117476)
No, still not, unless the port and IP are mentioned in the client's browser.

Try default DROP rules for INPUT and FORWARD; then accept the ports, i.e. try defining the rules one by one!

iptables -P INPUT DROP

iptables -P FORWARD DROP

Also see that DNS is configured properly! Configuring a caching DNS (with BIND) will help you!
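One way to check the "default DROP, then accept the ports one by one" advice above against a saved ruleset, as an added example that is not part of the thread. It assumes eth1 is the LAN interface and that Squid (port 3128) and the caching resolver both run on the gateway itself; the function names and the sample dump are constructed for illustration.

```shell
# Added example (not from the thread): audit an iptables-save dump for a
# default-DROP gateway that intercepts LAN port-80 traffic to a local Squid.
# Assumptions: eth1 = LAN side, Squid (3128) and a caching resolver run here.
LAN_IF=eth1 PROXY_PORT=3128
# Print the lines of one table ("filter", "nat") from the dump held in $dump.
table() { printf '%s\n' "$dump" | awk -v want="*$1" '/^\*/ { cur = $0 } cur == want'; }

# has_rule TABLE CHAIN PATTERN...: true if a single rule matches every pattern.
has_rule() {
    tbl=$1 ch=$2; shift 2
    rules=$(table "$tbl" | grep -E -e "^-A $ch ") || return 1
    for pat in "$@"; do
        rules=$(printf '%s\n' "$rules" | grep -E -e "$pat") || return 1
    done
}

# check_ruleset: read a dump on stdin, print one line per missing piece.
check_ruleset() {
    dump=$(cat)
    for c in INPUT FORWARD; do
        table filter | grep -q -E -e "^:$c DROP " ||
            echo "filter/$c: default policy is not DROP"
    done
    has_rule nat PREROUTING "-i $LAN_IF " "--dport 80 " \
        "-j (REDIRECT --to-ports |DNAT --to-destination [0-9.]+:)$PROXY_PORT\$" ||
        echo "nat/PREROUTING: tcp/80 from $LAN_IF is not sent to port $PROXY_PORT"
    has_rule filter INPUT "-i $LAN_IF " "--dport $PROXY_PORT " "-j ACCEPT" ||
        echo "filter/INPUT: no ACCEPT for tcp/$PROXY_PORT from $LAN_IF"
    has_rule filter INPUT "--(state|ctstate) [A-Z,]*ESTABLISHED" "-j ACCEPT" ||
        echo "filter/INPUT: no ACCEPT for ESTABLISHED replies"
    has_rule filter INPUT "-i $LAN_IF " "-p udp" "--dport 53 " "-j ACCEPT" ||
        echo "filter/INPUT: no ACCEPT for udp/53 from $LAN_IF"
}

# Constructed sample: policies already DROP, accept rules not yet added.
sample_policy_only() { cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

sample_policy_only | check_ruleset   # prints the three missing INPUT rules
```

On the gateway, the same check runs against the live ruleset with `iptables-save | check_ruleset`. A redirected packet reaches the INPUT chain with destination port 3128, which is why that port needs its own ACCEPT once the policy is DROP.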


All times are GMT -5.