From: linderoxxx <linderoxxx@mail.ru>
To: Saratov Linux User Group Maillist <sarlug@lug.ru>
Subject: Re: [Sarlug] squid URGENT
Date: Wed, 26 Mar 2008 12:27:36 +0300
Message-ID: <47EA1708.4080406@mail.ru>

iptables -L

master@local ~ $ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:45689

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:20003
ACCEPT     all  --  10.0.3.0/24          anywhere
ACCEPT     all  --  10.0.3.3             anywhere
ACCEPT     all  --  anywhere             10.0.3.0/24
state RELATED,ESTABLISHED
ACCEPT     icmp --  10.0.3.0/24          anywhere
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:https
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp dpt:aol

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 3 LOG level info prefix `ACC_IN:'
ACCEPT     tcp  --  10.0.3.0/24          anywhere            tcp spt:http

master@local ~ $ sudo cat /fw/iptables
#!/bin/sh
#clear all chains
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

iptables -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level 6 --log-prefix "ACC_IN:"
iptables -A OUTPUT -o ppp0 -s 10.0.3.0/255.255.255.0 -p tcp --sport 80 -j ACCEPT
#iptables -A OUTPUT -p tcp -s 10.0.3.0/24

iptables -t nat -A PREROUTING -s 10.0.3.1/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 4000

# iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port ssh -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port http -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --destination-port 45689 -j ACCEPT
iptables -P INPUT DROP

# ati
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 20003 -j ACCEPT
iptables -A FORWARD -s 10.0.3.2/24 -j ACCEPT
iptables -A FORWARD -s 10.0.3.3 -j ACCEPT
iptables -A FORWARD -d 10.0.3.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p icmp -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port https -j ACCEPT
iptables -A FORWARD -s 10.0.3.0/24 -p tcp --destination-port 5190 -j ACCEPT
iptables -P FORWARD DROP

iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -o ppp0 -j MASQUERADE