[squid-users] RE: How do I hide port 3128?

From: Niels <zorglub_olsen@dont-contact.us>
Date: Fri, 13 May 2005 04:18:03 +0200

Henrik Nordstrom wrote:

> On Thu, 12 May 2005, Chris Robertson wrote:
>
>>> I need a rule in Iptables to block that port from external inquiry, only
>>> Squid, on the same machine, should be able to see it. How do I do that?
>>
>> Something like:
>>
>> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>
> Good, except that for practical reasons it needs to go into the nat table
> just before the REDIRECT rule.
>
> iptables -t nat -I PREROUTING -i eth0 --dport 3128 -j DROP
>
> Regards
> Henrik

Thank you for your answer Henrik. OK, so I now have this:

#redirect to squid
iptables -t nat -I PREROUTING -i eth1 -p TCP --dport 3128 -j DROP
iptables -A PREROUTING -t nat -p TCP --dport 80 -j REDIRECT --to-port 3128

I inserted a "-p TCP", otherwise I get an error. I also changed -I to -A,
but in either case I still get

3128/tcp filtered squid-http

when I run nmap from another machine. I want 3128 to be invisible.

Thanks,
Niels
Received on Thu May 12 2005 - 20:07:22 MDT
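
Added example, not part of the thread and not the posters' own rules: one way to get the behaviour asked for is to mark direct connections to the proxy port in the mangle table, which is traversed before the nat REDIRECT, and to reset them in filter INPUT, so a scan reports the port as closed instead of filtered. The interface eth1, the mark value 0x1 and the print/check/apply arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth1 as the external
# interface, 3128 as the Squid port, 0x1 as an unused firewall mark.

# Print an iptables-restore ruleset for the given interface and proxy port.
build_rules() {
    ext_if=$1 proxy_port=$2 mark=${3:-0x1}
    cat <<EOF
*mangle
# mangle/PREROUTING runs before nat/PREROUTING, so at this point only
# packets really addressed to the proxy port have dport $proxy_port.
-A PREROUTING -i $ext_if -p tcp --dport $proxy_port -j MARK --set-mark $mark
COMMIT
*nat
# Intercepted web traffic: dport 80 is rewritten to the proxy port here.
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
COMMIT
*filter
# In INPUT both kinds of packet show dport $proxy_port; only the mark tells
# them apart. A TCP reset is what a port with no listener would send back,
# so a scanner reports "closed" rather than "filtered".
-A INPUT -p tcp -m mark --mark $mark -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Usage: script.sh print | check | apply   (check and apply need root)
case "${1:-}" in
    print) build_rules eth1 3128 ;;
    check) build_rules eth1 3128 | iptables-restore --test --noflush ;;
    apply) build_rules eth1 3128 | iptables-restore --noflush ;;
esac
```

Run with check first: iptables-restore --test parses the ruleset without committing it, and --noflush leaves rules already loaded in place.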
