On Monday 12 May 2003 12.55, Emilio Casbas wrote:
> What I want to do is get an iptables setup that works with squid on
> the same box (it is not a transparent proxy).
Yes?
> If squid is running and then I start iptables, it works fine, but
> when squid is stopped, iptables is started and then I start squid (RunCache or
> squid -k reconfigure), I have a problem with the port of squid.
It should not. The two are independent. See below for a probable cause.
> Some of my iptables rules:
> $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -d $IPADDR -p tcp --dport {} -j ACCEPT
> $IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -d $MYRED -p tcp --dport {} -j ACCEPT
> where the dport is: 8080, 53, 22 ...
You really want to use conntrack. iptables without conntrack is very
limiting and not entirely reliable.
Your OUTPUT rules are not complete. You at least need to allow Squid to
make DNS queries.
Adding a final -j LOG rule to your iptables rules is recommended. This
way you see what your firewall is blocking and can look into why.
Any traffic logged as blocked in OUTPUT will almost certainly cause
something on the server to not work.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.com
Received on Mon May 12 2003 - 11:49:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:36 MST
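A complete ruleset along the lines of the three points in Henrik's reply (conntrack, outbound DNS for Squid, a final LOG rule), as an added example that is not code from the original thread or from the Squid project. The interface name eth0, the address 192.0.2.10, the Squid port 8080 and the origin-server ports 80/443 are assumptions; change them to match the box. It keeps the poster's $IPTABLES variable convention so that IPTABLES=echo gives a dry run. It uses the current `-m conntrack --ctstate` match; on 2003-era kernels the same thing was spelled `-m state --state`.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal stateful ruleset
# for a box running a non-transparent Squid and sshd on the same host.
# Assumed names: eth0, 192.0.2.10 (RFC 5737 documentation address), port 8080.
# Usage: "sh squid-fw.sh apply" as root, or "sh squid-fw.sh dry-run" to print
# the rules with echo instead of loading them into the kernel.
set -eu

IPTABLES="${IPTABLES:-/sbin/iptables}"
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
IPADDR="${IPADDR:-192.0.2.10}"
SQUID_PORT="${SQUID_PORT:-8080}"

flush_rules() {
    # Known starting state: default DROP both ways, empty chains, so that
    # anything not explicitly allowed falls through to the LOG rules below.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
}

apply_rules() {
    # Loopback: Squid talks to itself (and to any local resolver) over lo.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    # Connection tracking: once a connection has been accepted in either
    # direction, its replies pass without a per-port rule.  Without this,
    # the OUTPUT chain must enumerate every reply port by hand and any
    # omission breaks a service on the box.
    $IPTABLES -A INPUT -i "$EXTERNAL_INTERFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXTERNAL_INTERFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections: proxy clients to Squid, admins to ssh.
    $IPTABLES -A INPUT -i "$EXTERNAL_INTERFACE" -d "$IPADDR" -p tcp --dport "$SQUID_PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPTABLES -A INPUT -i "$EXTERNAL_INTERFACE" -d "$IPADDR" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # New outbound connections Squid itself makes: DNS (UDP, plus TCP for
    # answers that do not fit a UDP datagram) and the origin-server ports
    # it fetches from.  The poster's OUTPUT rules lacked the DNS part.
    $IPTABLES -A OUTPUT -o "$EXTERNAL_INTERFACE" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o "$EXTERNAL_INTERFACE" -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    for port in 80 443; do
        $IPTABLES -A OUTPUT -o "$EXTERNAL_INTERFACE" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Final LOG rules: whatever reaches here is about to hit the DROP policy,
    # so it lands in the kernel log with a prefix that is easy to grep for.
    # Rate-limited so a scan cannot fill the disk.
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "
    $IPTABLES -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop-out: "
}

case "${1:-}" in
    apply)   flush_rules; apply_rules ;;
    dry-run) IPTABLES=echo; flush_rules; apply_rules ;;
    *)       ;;
esac
```

After loading, `grep fw-drop-out /var/log/messages` (or `dmesg`) is the check Henrik describes: any line there is a connection the box itself tried to open and was refused, which almost always maps to a service on the host that is not working.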