Re: [squid-users] iptables to limit connections

From: Chijioke Kalu <kchijioke@dont-contact.us>
Date: Mon, 16 Jun 2003 22:30:39 -0700

Ok, I will try this. I wanted to know if this iptables rule affects my other
iptables rules in my firewall script. Like, I have a table for my NAT; does it
matter if I put the mangle table before or after the NAT?

For example, I have this rule in my NAT to set up IP forwarding, masquerading
and transparent proxying:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128

Will adding the IMQ rule in my firewall script have any effect?

>From: Adi Nugroho <Adi@iNterNUX.co.id>
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] iptables to limit connections
>Date: Tue, 17 Jun 2003 09:59:23 +0800
>
>On Monday, 16 June 2003 17:52, Chijioke Kalu wrote:
> > read your reply to Pada's problem, am using htb for this solution too and
> > not squid, but I can't manage the inbound/outbound traffic properly or so it
> > seems, so bandwidth hogging tools, like email spiders and email harvesters
> > tend to suck it up, am trying to look into IMQ method.
> >
> > Am wondering have you implemented via IMQ, got some pressing questions on it.
>
>Yes, we are using IMQ also.
>I use IMQ to limit incoming traffic using egress filter.
>Once you use IMQ as follows, just use the new device (imq0) as you usually do
>in your normal htb rule to eth0.
>
> modprobe imq numdevs=1
> ip link set imq0 up
> iptables -t mangle -F
> iptables -t mangle -A PREROUTING -i eth0 -j IMQ
>
>Btw, since I'm not an expert in Linux, maybe it is better to ask on the lartc
>mailing list. There are a lot of Linux gurus there :-)
>Of course I will also help if I can.
>
>--
>Regards,
>
>Adi Nugroho
>PT iNterNUX - Internet Service Provider
>Jalan Arief Rate No. 3 Makassar - 90113
>Tel: +62-411-830579 Fax: +62-411-851282

Received on Mon Jun 16 2003 - 23:30:43 MDT
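
Added example, not part of the original messages and not either poster's code: a small Python simulation of the rules quoted in this thread, showing that netfilter consults the mangle table before nat in PREROUTING regardless of where the lines sit in the firewall script, while `iptables -t mangle -F` clears only the mangle table and must run before the IMQ rule is appended. The names `FORWARD_PATH`, `SCRIPT`, `parse` and `traversal` are made up for this illustration.

```python
import shlex

# Fixed netfilter order for a packet forwarded through the box: within each
# hook, mangle is consulted before nat/filter, whatever order the script used.
# (Port-80 packets hit by REDIRECT go to INPUT after nat PREROUTING instead.)
FORWARD_PATH = [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
                ("mangle", "FORWARD"), ("filter", "FORWARD"),
                ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]

# The rules quoted in this thread, with the mangle/IMQ lines placed first.
SCRIPT = """\
iptables -t mangle -F
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128
"""

def parse(line):
    """Return (table, action, chain, rule_text) for one iptables command."""
    args = shlex.split(line)[1:]
    table, action, chain, rest = "filter", None, None, []  # no -t means filter
    while args:
        arg = args.pop(0)
        if arg in ("-t", "--table"):
            table = args.pop(0)
        elif arg in ("-A", "--append"):
            action, chain = "append", args.pop(0)
        elif arg in ("-F", "--flush"):
            action = "flush"
            if args and not args[0].startswith("-"):
                chain = args.pop(0)  # -F may name a single chain
        else:
            rest.append(arg)
    return table, action, chain, " ".join(rest)

def traversal(script):
    """Apply the script top to bottom; list surviving rules in packet order."""
    chains = {}
    for line in filter(str.strip, script.splitlines()):
        table, action, chain, rule = parse(line)
        if action == "append":
            chains.setdefault((table, chain), []).append(rule)
        elif action == "flush":  # clears only the named table
            for key in list(chains):
                if key[0] == table and chain in (None, key[1]):
                    chains[key] = []
    return [(t, c, r) for t, c in FORWARD_PATH for r in chains.get((t, c), [])]
```

Calling `traversal(SCRIPT)` returns the IMQ rule first, then the REDIRECT, ACCEPT and MASQUERADE rules; moving the two mangle lines to the end of the script gives the same list.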

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:23 MST