Linux Netfilter discussions
From: "Rob Sterenborg" <rob@sterenborg.info>
To: netfilter@vger.kernel.org
Subject: RE: Gateway with Iptables
Date: Mon, 29 Oct 2007 17:12:45 +0100
Message-ID: <008401c81a46$8adab100$0b0ffe0a@NS006819>
In-Reply-To: <4725BF05.5000708@liqwidkrystal.com>

> I have a proxy server. When I enable the proxy my mail clients are
> not able to send/receive mail. Here is my iptables. Please help me
> with the necessary changes.

[...]

> but after applying this users are able to connect
> to the Internet directly without enable proxy.

How do you test this? If you configured Squid for transparent proxying
and allow http (AFAIK you can't transparently proxy https) inbound, your
users don't have to configure a proxy in their browser and will use the
proxy "transparently".

> What else do I have to do to stop direct connections? They must use
> the proxy.

No offense, but I can't understand your ruleset. It looks like you
scraped things together from other rulesets (which by itself isn't
necessarily wrong).
I was going to rewrite the script to make sense of it, but I'm not clear
on what is running where and what exactly is allowed. Also:
- AFAICS some user defined chains are not defined so some rules should
generate an error
- some rules seem to allow too much
- rules from the FORWARD chain call a user defined chain for the OUTPUT
chain
- it's easier to set the chain policies to DROP and specifically ACCEPT
what you want

Perhaps someone else can make sense of this based on current
information, but for me it's impossible (well, I would be able to make
something out of it, but I have no illusion that such ruleset would be
working).


Grts,
Rob
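An added example (not Rob's reply and not the original poster's script) of the kind of default-deny gateway ruleset the reply recommends: every built-in chain policy set to DROP with specific ACCEPTs, a user-defined chain that is created before anything jumps to it and is called only from FORWARD, LAN HTTP redirected to a transparent Squid so clients cannot go direct, and HTTPS plus the mail ports forwarded explicitly so mail clients keep working. The interface names eth0/eth1, the LAN prefix 192.168.1.0/24, the Squid port 3128 and the function name gateway_rules are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example of a default-deny gateway with transparent Squid.
# Assumed (hypothetical) topology: eth0 faces the Internet, eth1 faces the
# LAN 192.168.1.0/24, and Squid listens on the gateway on TCP 3128.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
SQUID_PORT=${SQUID_PORT:-3128}

# gateway_rules CMD: run every rule through CMD ("iptables" to load them,
# "echo" to print them for review without touching the kernel).
gateway_rules() {
    ipt=${1:-iptables}

    # Start from scratch, then default-deny the built-in chains.
    $ipt -F
    $ipt -X
    $ipt -t nat -F
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT

    # Loopback and replies to traffic we already allowed.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # What the LAN may talk to on the gateway itself. The Squid port must be
    # open here, because REDIRECTed packets are delivered locally, not forwarded.
    $ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    $ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -j ACCEPT

    # Transparent proxy: rewrite LAN HTTP to Squid before routing. Once
    # redirected, these packets never traverse FORWARD as port-80 traffic.
    $ipt -t nat -A PREROUTING -i "$LAN" -s "$LAN_NET" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"

    # User-defined chain for traffic the LAN may forward directly. It is
    # created before anything jumps to it and is referenced only from FORWARD.
    $ipt -N LAN_OUT
    # HTTPS is not proxied transparently here, so it goes out directly.
    $ipt -A LAN_OUT -p tcp --dport 443 -j ACCEPT
    # Mail: SMTP, submission, SMTPS, POP3, POP3S, IMAP, IMAPS.
    for port in 25 587 465 110 995 143 993; do
        $ipt -A LAN_OUT -p tcp --dport "$port" -j ACCEPT
    done
    $ipt -A LAN_OUT -p udp --dport 53 -j ACCEPT
    $ipt -A LAN_OUT -p tcp --dport 53 -j ACCEPT
    # Deliberately no port-80 ACCEPT: a client that dodges the REDIRECT falls
    # through LAN_OUT to the FORWARD policy and is dropped.
    $ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j LAN_OUT

    # NAT for the forwarded LAN traffic (Squid's own upstream connections
    # originate on the gateway and need no NAT).
    $ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Usage: sh gateway.sh apply   -> load the rules (as root; also needs
#                                 net.ipv4.ip_forward=1 and Squid listening
#                                 in transparent/intercept mode)
#        sh gateway.sh         -> dry run, prints the iptables commands
case "${1:-}" in
    apply) gateway_rules iptables ;;
    *)     gateway_rules echo ;;
esac
```

Run it without arguments first and read the printed rules; nothing is loaded until you pass `apply`. Squid has to be told it is intercepting (`http_port 3128 transparent` in Squid 2.6, `intercept` in 3.1 and later), and `net.ipv4.ip_forward` must be 1, or the forwarded mail and HTTPS connections still go nowhere.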



Thread overview: 7+ messages
2007-10-29  4:59 Gateway with Iptables Tarak Ranjan
2007-10-29  8:20 ` Amos Jeffries
2007-10-29 11:07 ` Tarak Ranjan
2007-10-29 16:12   ` Rob Sterenborg [this message]
2007-10-29 16:45     ` kernel warning NAT: no longer support implicit source local NAT Jeffrey Glass
2007-10-30  9:00   ` Gateway with Iptables Amos Jeffries
2007-10-30  5:11 Tarak Ranjan
