From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.andriy@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS
	autolearn=ham version=3.2.5
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from
	:user-agent:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding;
	bh=W3638uUMM2OwBVTrNzivXufml51zIzlnBAAY6UIsyrM=;
	b=gPMqVbF1HXpn0Vih6Yb5R+nIbmmIT6tm2TdqzcRV08UGImpsRWSH6hgXcKbtBJO8Vs
	yduQ9t/d0phxjwQAd9M0M/PWEfmn0bCGRYc2T3MgoIDLcdfTMEdwv7UU5njhwzzX2lqL
	eP31cU0LqjyteLKw13/pislba6aI9MRGmfHpQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:content-type:content-transfer-encoding;
	b=Nrl+6MenZImzrfLKKZg0UpPqNzq44pZlHN1H469LmA7lA0mX9HGk74c/kftFYdyIWp
	NIQ3zQkV8g0i8XdRa4CT9wFi8VIOQu0TuLtFm/AZEYVFqg3ZrUkCAXLgSdnoXkQoxA6g
	fclgudlexOn6s7GM6YWF6rJn9sufyAIJfWVak=
Message-ID: <49F326EF.8050308@gmail.com>
Date: Sat, 25 Apr 2009 18:06:23 +0300
From: andriy <l.andriy@gmail.com>
User-Agent: Thunderbird 2.0.0.17 (X11/20080929)
MIME-Version: 1.0
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
References: <49EFF907.1010808@gmail.com>	<9d5146970904231011s3ef89a2bv45d147283b6568ec@mail.gmail.com>	<49F0B159.6080306@gmail.com>
	<9d5146970904232216v7ef4aa3es2dbb2d42ebe367d7@mail.gmail.com>
In-Reply-To: <9d5146970904232216v7ef4aa3es2dbb2d42ebe367d7@mail.gmail.com>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [Sysadmins] NAT+squid
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Apr 2009 15:02:28 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/49F326EF.8050308@gmail.com/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

Afanasov Dmitry написав(ла):
> 23.04.09, andriy<l.andriy@gmail.com> написал(а):
>   
>> Afanasov Dmitry написав(ла):
>>  А как правильно, чтоб ходил только 25 и 110?
>>     
> программа минимум:
> iptables -P FORWARD DROP
> iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j ACCEPT
> iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 110 -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source xxx.xxx.xxx.xxx
>   
:-(
не работает
> можно ещё на всякий:
> iptables -A FORWARD -p icmp -j ACCEPT
>
>   
с icmp проблем нет и небыло, при старом варианте