Re: [squid-users] RE: How do I hide port 3128?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 13 May 2005 12:05:54 +0200 (CEST)

On Fri, 13 May 2005, Niels wrote:

> Thank you for your answer Henrik. OK, so I now have this:
>
> #redirect to squid
> iptables -t nat -I PREROUTING -i eth1 -p TCP --dport 3128 -j DROP

On second thought, you should extend that with a destination IP match.
If not, you will block traffic to port 3128 on all destinations...

> I inserted a "-p TCP", otherwise I get an error. I also changed -I to -A,
> but in either case I still get
>
> 3128/tcp filtered squid-http
>
> when I run nmap from another machine. I want 3128 to be invisible.

You could use -j REJECT --reject-with tcp-reset

or REDIRECT it to an unused port, having the TCP kernel send that reset for
you.

Regards
Henrik
Received on Fri May 13 2005 - 04:05:56 MDT