From: Antony Stone <Antony@Soft-Solutions.co.uk>
To: netfilter@lists.samba.org
Subject: Re: Need Help
Date: Sun, 29 Sep 2002 23:40:36 +0100
Message-ID: <20020929224039.UBRU2092.mta07-svc.ntlworld.com@there>
In-Reply-To: <002601c26807$3c41cc00$5120a8c0@mmx>

On Sunday 29 September 2002 11:26 pm, Davide wrote:

> hello,
>    this is the iptables version
>
> /sbin/iptables -F
> /sbin/iptables -t nat -F
>
> /sbin/iptables -P INPUT ACCEPT

Ugh.

> /sbin/iptables -P FORWARD ACCEPT

Ughhh !!!

> /sbin/iptables -P OUTPUT ACCEPT
>
> echo "1" > /proc/sys/net/ipv4/ip_forward

It's a good idea to put this *after* your rules, to avoid any period of time 
when the kernel's forwarding packets, but without a ruleset loaded...

> # for transparent proxy
> /sbin/iptables -t nat -A PREROUTING -p tcp -s 0.0.0.0/0 --dport 80 -j REDIRECT --to-ports 8080

The -s 0.0.0.0/0 is redundant.

> # for direct connection excluding HTTP
> /sbin/iptables -A FORWARD -p tcp -s 0.0.0.0/0 --dport 80 -j DROP

Please do this as an explicit ACCEPT rule for *outbound* packets which do not 
match HTTP, and have a default DROP policy on the FORWARD chain (so you block 
anything trying to come in).

ie:
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport ! 80 -o $extIF -j ACCEPT

Antony.

-- 

G- GIT/E d- s+:--(-) a+ C++++$ UL++++$ P+(---)>++ L+++(++++)$ !E W(-) N(-) o? 
w-- O !M V+++(--) !PS !PE Y+ PGP+> t- tv@ b+++ DI++ D--- e++>+++ h++ r@? 5? 
!X- !R K--?
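
Added example, not part of Antony's message or Davide's script: a small shell lint that flags the three points raised in the reply above (default ACCEPT policy on INPUT/FORWARD, ip_forward enabled before the rules are loaded, redundant -s 0.0.0.0/0). The names audit_fw_script and sample_script are hypothetical; the sample input is the script quoted in this message.

```shell
#!/bin/sh
# Sample input: the script quoted in the message above, one command per line.
sample_script() {
cat <<'EOF'
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A PREROUTING -p tcp -s 0.0.0.0/0 --dport 80 -j REDIRECT --to-ports 8080
/sbin/iptables -A FORWARD -p tcp -s 0.0.0.0/0 --dport 80 -j DROP
EOF
}

# Read a firewall script on stdin, print one finding per line,
# and return non-zero if anything was flagged.
audit_fw_script() {
    awk '
    /^[ \t]*#/ { next }    # skip comment lines
    # Point 1: permissive default policy on INPUT or FORWARD
    /iptables/ && /-P[ \t]+(INPUT|FORWARD)[ \t]+ACCEPT/ {
        chain = ($0 ~ /FORWARD/) ? "FORWARD" : "INPUT"
        printf "line %d: default policy ACCEPT on %s\n", NR, chain; n++
    }
    # Point 3: a source match that matches everything
    /iptables/ && /[ \t]-s[ \t]+0\.0\.0\.0\/0/ {
        printf "line %d: -s 0.0.0.0/0 matches every source, drop it\n", NR; n++
    }
    # Remember where the last policy/rule line is ...
    /iptables/ && /[ \t]-[AIP][ \t]/ { last_rule = NR }
    # ... and where forwarding is first switched on.
    !fwd && (/echo[ \t]+"?1"?[ \t]*>[ \t]*\/proc\/sys\/net\/ipv4\/ip_forward/ ||
             /net\.ipv4\.ip_forward[ \t]*=[ \t]*1/) { fwd = NR }
    END {
        # Point 2: forwarding is on while rules are still being loaded
        if (fwd && last_rule > fwd) {
            printf "line %d: forwarding enabled before rule on line %d is loaded\n", fwd, last_rule; n++
        }
        exit (n > 0)
    }'
}

sample_script | audit_fw_script || true
```
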

