[squid-users] Squid, Iptables

From: Leo <[email protected]>
Date: Fri, 1 Mar 2002 00:32:07 +0300

Hello all, netfilter!

To use Squid with a firewall and masquerading, does it need 4 rules if the
default policy is DROP?

                  eth1 (int_ip)            eth0 (ext_ip)
                        |       FIREWALL        |
               1.-->>   |                       |   -->>3.
      USER              |                       |            INET
               4.<<--   |     SQUID(3128)       |   <<--4.
                        |                       |

1. user request; it will be:
iptables -t nat -A PREROUTING -i eth1 -s USER -p tcp --dport 80 -j DNAT --to int_ip:3128
# after this DNAT the packet is delivered to the local Squid, so with a
# default-DROP policy INPUT must also accept -i eth1 -d int_ip --dport 3128
2. allow Squid to get out from the firewall:
iptables -A OUTPUT -o eth0 -s ext_ip -p tcp --dport 80 -j ACCEPT
3. allow packets from the www server to come to Squid:
iptables -A INPUT -i eth0 -d ext_ip -p tcp --sport 80 -j ACCEPT
4. allow Squid's answer to the user:
iptables -A OUTPUT -o eth1 -s int_ip -p tcp --sport 3128 -j ACCEPT
# Squid answers from port 3128; the source port is only rewritten back
# to 80 in nat POSTROUTING, after the filter OUTPUT chain has seen it

Is my head thinking in the right direction?
I work on the firewall with the rule: what is not permitted is DROPPED,
and I make a rule for every step in long connections.

P.S. I wrote these rules from my understanding of how local processes
such as SQUID work. :-) and I may have made some mistakes in them.

Thanks!

-- 
Regards,
 Leo                          mailto:leoru@rbcmail.ru
Received on Thu Feb 28 2002 - 14:31:45 MST
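The rule set the post is asking about, written out as a complete script. This is an added example, not from the original post or from the Squid or netfilter projects; the interface names, addresses and the USER network are constructed placeholders. It uses the conntrack state match so that steps 3 and 4 (the reply directions) need no hand-written rules, adds the INPUT rule the DNAT'ed request needs, and lets Squid resolve names. By default it only prints the rules; run it with IPT=iptables as root to apply them.

```shell
#!/bin/sh
# Transparent Squid on a default-DROP firewall: rule generator.
# Added example, not the original post's rules. All addresses below are
# constructed placeholders; change them to match your box.
IPT="${IPT:-echo}"                    # IPT=iptables applies the rules

INT_IF=eth1;  INT_IP=192.168.1.1      # user side (assumed)
EXT_IF=eth0;  EXT_IP=203.0.113.10     # Internet side (assumed)
USERS=192.168.1.0/24                  # the USER network (assumed)
SQUID_PORT=3128

squid_rules() {
    # What is not permitted is dropped.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # One state rule per chain replaces a hand-written rule for every
    # reply direction: packets belonging to a connection already accepted
    # as NEW pass in both directions.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 1. User request: rewrite the destination to the local Squid port.
    #    (REDIRECT --to-ports $SQUID_PORT does the same without naming INT_IP.)
    $IPT -t nat -A PREROUTING -i "$INT_IF" -s "$USERS" -p tcp --dport 80 \
         -j DNAT --to-destination "$INT_IP:$SQUID_PORT"
    #    After DNAT the packet is delivered locally, so it traverses INPUT
    #    (not FORWARD) with dport $SQUID_PORT; default-DROP INPUT needs this.
    $IPT -A INPUT -i "$INT_IF" -s "$USERS" -d "$INT_IP" -p tcp --dport "$SQUID_PORT" \
         -m state --state NEW -j ACCEPT

    # 2. Squid's own fetches leave through OUTPUT; Squid also needs DNS.
    $IPT -A OUTPUT -o "$EXT_IF" -s "$EXT_IP" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -o "$EXT_IF" -s "$EXT_IP" -p udp --dport 53 -m state --state NEW -j ACCEPT

    # 3. Server replies (INPUT, sport 80) and
    # 4. Squid's answers to users (OUTPUT, sport $SQUID_PORT: the source
    #    port is un-DNATed in nat POSTROUTING, after filter OUTPUT)
    #    are both matched by the ESTABLISHED rules above.
}

squid_rules
```

Two caveats a practitioner would check before trusting this: rule 2 only lets Squid reach port 80, so URLs on other ports (for example :8080) fail until that rule is widened; and the DNAT alone is not enough for Squid 2.x, which also needs transparent-mode settings in squid.conf (httpd_accel_host virtual, httpd_accel_port 80, httpd_accel_with_proxy on, httpd_accel_uses_host_header on), since the intercepted request carries no full URL.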

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:34 MST