Hi, I'm trying to tune iptables for a transparent proxy.

The problem is that if I don't set the default policy for INPUT and OUTPUT to ACCEPT, my clients can't browse the internet.
I'm posting the config so you can take a look.

I WOULD LIKE all the policies to be DROP.

thanks
bye
code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  151.11.128.0/23      anywhere            tcp dpt:17800
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3128
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            LOG level warning prefix `FIREWALL (INPUT): '

Chain FORWARD (policy DROP)
target     prot opt source               destination
da-lan-a-wan  all  --  anywhere             anywhere
da-wan-a-lan  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning prefix `FIREWALL (FORWARD): '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            LOG level warning prefix `FIREWALL (OUTPUT): '

Chain da-lan-a-wan (1 references)
target     prot opt source               destination
DROP       all  -- !192.168.101.0/24     anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:17800
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssmtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5900
ACCEPT     icmp --  anywhere             151.11.128.0/23
ACCEPT     tcp  --  anywhere             stampante.area.trieste.it tcp dpt:9100
ACCEPT     udp  --  anywhere             stampante.area.trieste.it udp dpt:47545
ACCEPT     udp  --  anywhere             anywhere            udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4500
ACCEPT     udp  --  anywhere             anywhere            udp dpt:radius
ACCEPT     udp  --  anywhere             anywhere            udp dpt:radius-acct
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset

Chain da-wan-a-lan (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
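Below is an added example, not part of the original post, of what a transparent-proxy host needs once INPUT, OUTPUT and FORWARD all default to DROP: loopback allowed, the REDIRECT rule that rewrites port 80 to the proxy port, an INPUT rule for the redirected connections, and OUTPUT rules letting the proxy itself originate HTTP/HTTPS and DNS (a proxy host with OUTPUT at DROP and no DNS rule cannot resolve anything, which looks like "clients can't browse"). The LAN network 192.168.101.0/24 and proxy port 3128 are taken from the posted config; the interface names eth0/eth1 and the use of a local proxy on port 80 only are assumptions. The script prints an iptables-restore ruleset instead of applying it, so it can be reviewed and tested without root.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal iptables-restore ruleset for a
# transparent HTTP proxy host whose INPUT, OUTPUT and FORWARD policies are all DROP.
# LAN network and proxy port come from the post; interface names are assumptions.
LAN_NET="192.168.101.0/24"
LAN_IF="eth1"      # assumed LAN-facing interface
WAN_IF="eth0"      # assumed WAN-facing interface
PROXY_PORT="3128"

# Emit the ruleset rather than loading it, so it can be diffed and reviewed first.
# Apply with:  gen_rules | iptables-restore
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN clients port-80 traffic to the local proxy: this is the transparent part
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback first: the proxy and a local resolver talk to themselves over lo
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to anything already allowed
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Redirected client connections reach INPUT with dport $PROXY_PORT (REDIRECT rewrote it)
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
# The proxy itself must originate HTTP/HTTPS and DNS (UDP and TCP) towards the WAN
-A OUTPUT -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -p tcp --dport 53 -j ACCEPT
# Client HTTPS is not proxied here, so it is forwarded directly
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 443 -j ACCEPT
# Log what each chain is about to drop, rate-limited so the log cannot be flooded
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FIREWALL (INPUT): "
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FIREWALL (OUTPUT): "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FIREWALL (FORWARD): "
COMMIT
EOF
}

# Offline sanity checks on the generated text (no kernel access needed):
# how many filter-table policies are DROP, and whether the proxy may resolve names.
count_drop_policies() { gen_rules | grep -c '^:[A-Z]* DROP'; }
has_dns_out() {
  if gen_rules | grep -q -- '-A OUTPUT .*-p udp --dport 53 -j ACCEPT'; then echo yes; else echo no; fi
}
```

Running `gen_rules | iptables-restore` replaces the whole ruleset atomically; the `count_drop_policies` and `has_dns_out` helpers only inspect the generated text. Keeping the LOG rules last in each chain, rate-limited, preserves the visibility the posted config already has without letting a scan fill the log.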