Iptables + Outlook + Squid
Danilo, here is the output that was missing...
------------------------------------------
# iptables -nL -v
Chain INPUT (policy ACCEPT 4133K packets, 462M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
475 25157 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4899
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
324 50133 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
Chain FORWARD (policy ACCEPT 11590 packets, 4471K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4899
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
Chain OUTPUT (policy ACCEPT 5756K packets, 5588M bytes)
pkts bytes target prot opt in out source destination
Chain 22 (0 references)
pkts bytes target prot opt in out source destination
#
------------------------------------------------------
Was that it? Are these the rules you were referring to?
Regards.
Iptables + Outlook + Squid
No..
I need the rules that are being added to the NAT table.. from what I saw in what you posted earlier.. no rule shows up at all.. so of course your network isn't going to work..
Iptables + Outlook + Squid
Your rules are all baseless and there are rules missing: you are applying policy ACCEPT and creating ACCEPT rules (which aren't needed), you are DROPping new connections in FORWARD and are not ACCEPTing RELATED, ESTABLISHED connections, you have no MASQUERADE rules. Is your ip_forward enabled?
http://iptables.under-linux.org
I recommend studying the Under site for iptables, since I think everyone here feels it's better for people to learn to write their own rulesets rather than us handing out ready-made scripts!
Iptables + Outlook + Squid
Folks, me again:
I agree with what Felco said, "...feels it's better for people to learn to write their own rulesets..."
As you already know, I'm a layman on this subject. I'm only now starting to understand a few things... The problem is that I'm desperate and, as I said before, I've already done some studying around, including on http://iptables.under-linux.org itself, and had no success.
Here is my iptables once more...
Please tell me what I should do. I need to solve this more than urgently!! I'm having some problems here at the company...
##################################################################
# Generated by iptables-save v1.2.7a on Wed Dec 1 08:00:00 2004
*mangle
:PREROUTING ACCEPT [6882:1875721]
:INPUT ACCEPT [6882:1875721]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5886:2657751]
:POSTROUTING ACCEPT [5886:2657751]
##################################################################
# Completed on Wed Dec 1 08:00:00 2004
# Generated by iptables-save v1.2.7a on Wed Dec 1 08:00:00 2004
*nat
:PREROUTING ACCEPT [10:661]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
-A PREROUTING -d 200.207.131.143 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.254
#####################################################################################################
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 110 -j MASQUERADE
##################################################################
# Completed on Wed Dec 1 08:00:00 2004
# Generated by iptables-save v1.2.7a on Wed Dec 1 08:00:00 2004
*filter
:INPUT ACCEPT [5:1081]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:296]
:22 - [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 1234 -j ACCEPT
-A INPUT -m state -i eth1 --state NEW,INVALID -j DROP
############################################################
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 1234 -j ACCEPT
-A FORWARD -m state -i eth1 --state NEW,INVALID -j DROP
#########################################
# Completed on Wed Dec 1 08:00:00 2004
##### End ####
What is missing?
What is surplus?
How should I proceed?
Help! SOS!!!
Iptables + Outlook + Squid
Remove this rule
-A INPUT -m state -i eth1 --state NEW,INVALID -j DROP
Replace this:
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 110 -j MASQUERADE
With this:
-A POSTROUTING -o eth0 -p tcp -m tcp -j MASQUERADE
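
Added example, not part of the original thread or written by any of its participants: a small Python check that reads iptables-save text and reports the points raised in the replies above (chain policy, a missing ESTABLISHED,RELATED accept, MASQUERADE restricted to a few ports). The functions `parse`, `keeps_state` and `audit` are hypothetical names, the sample is abridged from the posted dump, and the default-deny stateful baseline it compares against is an assumption.

```python
import shlex
# Constructed sample: nat/filter rules abridged from the dump posted in the thread.
RULESET = """\
*nat
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 110 -j MASQUERADE
*filter
:INPUT ACCEPT [5:1081]
:FORWARD ACCEPT [0:0]
-A INPUT -m state -i eth1 --state NEW,INVALID -j DROP
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state -i eth1 --state NEW,INVALID -j DROP
"""

def parse(text):
    """Parse iptables-save text into {table: {policy, rules}}; "!" negation is not handled."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            tok = shlex.split(line)
            opts = {k: v for k, v in zip(tok[2:], tok[3:]) if k.startswith("-")}
            cur["rules"].append((tok[1], opts))
    return tables

def keeps_state(opts):
    """True for a rule that ACCEPTs ESTABLISHED,RELATED (state or conntrack match)."""
    states = set(opts.get("--state", opts.get("--ctstate", "")).split(","))
    return opts.get("-j") == "ACCEPT" and {"ESTABLISHED", "RELATED"} <= states

def audit(text):
    """List deviations from a default-deny, stateful baseline (baseline is an assumption)."""
    tables, out = parse(text), []
    flt = tables.get("filter", {"policy": {}, "rules": []})
    for chain in ("INPUT", "FORWARD"):
        if flt["policy"].get(chain) == "ACCEPT":
            out.append(f"{chain}: policy ACCEPT, unmatched packets pass")
        if not any(keeps_state(o) for c, o in flt["rules"] if c == chain):
            out.append(f"{chain}: no ACCEPT for ESTABLISHED,RELATED")
    nat = [o for c, o in tables.get("nat", {"rules": []})["rules"]
           if c == "POSTROUTING" and o.get("-j") in ("MASQUERADE", "SNAT")]
    if not nat:
        out.append("nat: no MASQUERADE/SNAT rule")
    elif all("--dport" in o for o in nat):
        out.append("nat: source NAT limited to dports " + ",".join(o["--dport"] for o in nat))
    return out
```

Calling `audit(RULESET)` returns five findings for the sample; a ruleset with DROP policies, an ESTABLISHED,RELATED accept in INPUT and FORWARD, and an unrestricted MASQUERADE rule returns an empty list.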