Re: [squid-users] Squid and Firewall on Gateway

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Mon, 20 Dec 2004 11:46:17 +0100

On 17.12 09:20, Chris Robertson wrote:
> Your firewall rules seem to be preventing your gateway from doing DNS
> lookups...
>
> Add a rule like:
>
> ## DNS Lookups
> iptables -A INPUT -p udp -i eth1 --sport 53 -d 192.168.192.70 -j ACCEPT

Allowing packets from port 53 is not a good idea. Allowing ESTABLISHED
connections using --state is much, much better.

> iptables -A OUTPUT -p udp -o eth1 --dport 53 -s 192.168.192.70 -j ACCEPT

I don't think he has blocked outgoing data.

So, instead of the two rules above, the simple rule:

## accept replies to connections the gateway itself started
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

should be just enough. You need a 2.4 or later kernel and the
needed modules loaded.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not want to receive any advertising mail at this address.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
Received on Mon Dec 20 2004 - 03:46:20 MST
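The difference the reply is pointing at, as an added example that is not part of the original thread: a POSIX shell script that prints (or, with APPLY=1, applies) the source-port-based DNS rules beside the stateful replacement, plus a small audit function that scans a ruleset dump for ACCEPT rules keyed on a remote source port with no state match. The interface eth1 and address 192.168.192.70 are taken from the thread; the RELATED state, the sample ruleset and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the squid-users thread.
# Rules are only applied when APPLY=1; otherwise they are printed for review.

IFACE="${IFACE:-eth1}"              # interface facing the resolver (from the thread)
GW_ADDR="${GW_ADDR:-192.168.192.70}"  # gateway address (from the thread)

run() {
  if [ "${APPLY:-0}" = "1" ]; then
    iptables "$@"
  else
    echo "iptables $*"
  fi
}

# Weak form: trusts the remote source port. Any host that sends UDP with
# sport 53 reaches every UDP listener on the gateway through the first rule.
weak_dns_rules() {
  run -A INPUT -p udp -i "$IFACE" --sport 53 -d "$GW_ADDR" -j ACCEPT
  run -A OUTPUT -p udp -o "$IFACE" --dport 53 -s "$GW_ADDR" -j ACCEPT
}

# Stateful form: only packets belonging to a flow the gateway started are
# admitted, whatever the port, so DNS replies work without a port-based hole.
# RELATED (for ICMP errors tied to those flows) is an assumption added here.
stateful_rules() {
  run -A INPUT -i lo -j ACCEPT
  run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run -P INPUT DROP
}

# Constructed sample in iptables-save format, used to exercise the audit below.
sample_ruleset() {
  printf '%s\n' \
    '-A INPUT -p udp -i eth1 --sport 53 -d 192.168.192.70 -j ACCEPT' \
    '-A INPUT -m state --state ESTABLISHED -j ACCEPT' \
    '-A INPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT' \
    '-A INPUT -p tcp --dport 22 -j ACCEPT'
}

# Audit: read rules on stdin (e.g. from `iptables-save`) and print the ones
# that ACCEPT on a remote --sport without any state/conntrack qualifier.
audit_rules() {
  grep -E -- '--sport' | grep -E -- '-j ACCEPT' \
    | grep -v -E -- '--state|conntrack' || true
}

# Convenience: number of such port-trusting rules found on stdin.
count_sport_holes() {
  audit_rules | wc -l | tr -d ' '
}

# Stand-alone run: show both rule sets, then audit the constructed sample.
if [ "${0##*/}" != "sh" ] && [ -z "${NO_MAIN:-}" ]; then
  echo "# weak (source-port trust):";   weak_dns_rules
  echo "# stateful replacement:";       stateful_rules
  echo "# source-port holes in sample ruleset:"; sample_ruleset | audit_rules
fi
```

Run it without APPLY to review the generated rules; pipe a real `iptables-save` dump into `audit_rules` to list rules that open a port purely because of the remote source port.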

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST