Re: [suse-security] iptables and squid

Dirk wrote:
Hello Stefan, hello folks,
I tried that one but it's the same thing. Really curious is, when the firewall script starts I get an error message with reference to "Bad argument squid" even though I had declared it in /etc/services. The same one when I use the port number: "Bad argument 3128". Any idea??? Thanks and regards
Dirk

Hello Dirk, hello folks,
I don't know if it works but you can try this, maybe you can send me your log and the full error listed at your monitor:

#SQUID internal lan
# OUTPUT rules take -o (outgoing interface); iptables rejects -i on the OUTPUT chain
iptables -A INPUT -i $IF_LAN -p tcp --dport 3128 -j ACCEPT
iptables -A OUTPUT -o $IF_LAN -p tcp --sport 3128 -j ACCEPT
#HTTP
iptables -A INPUT -i $IF_WAN -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o $IF_WAN -p tcp --sport 80 -j ACCEPT
#DNS
iptables -A INPUT -i $IF_WAN -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A OUTPUT -o $IF_WAN -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -i $IF_WAN -p tcp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A OUTPUT -o $IF_WAN -p tcp --dport 53 --sport 1024:65535 -j ACCEPT

Just try this (use the port numbers, not the names in /etc/services). If this doesn't work, you should try to install proxy and firewall on two different machines.
Kind regards,
Stefan Walther stefan_walther@gehag-dsk.de work: +4930/89786448 mobile: +49172/3943961

Hello Stefan, hello folks,
sorry for bogarting the time to answer, Stefan. I'm too much in work. Well, I tried these rules, but it's the same thing anyway. Maybe something else is wrong, I don't know? :-( I used to work that kind of hardware and software server with kernel 2.2 (ipchains) and everything was OK. Now with kernel 2.4 something goes crazy. Probably I have to update, because I'm using 2.4.0. So thank you for help, I look forward to a new starting point.
Dirk

Dirk Ertl
network technician
fon : +49 179/492 63 59
mailto : dirk@ertl-bln.de
-------------------------------------------
It's always a pleasure to hear from you, Tux. Take care and I CU