On Mon, Mar 12, 2012 at 8:28 PM, rmariya sagaya asirvatham <[email protected]> wrote:
> How can I configure my firewall to accept all outgoing web traffic only
> from my proxy server?
>
> May I add the lines below to my iptables?
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.x.x:3128
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
It's high time you stopped top posting and learnt to follow mailing list guidelines.

Your iptables rule is not correct: you are doing destination/reverse NAT, which is not needed in your setup. My preferred method with iptables is to default DROP packets on the FORWARD chain. This will ensure only traffic you explicitly permit to pass through your system will be allowed; you can permit outbound DNS, SSH, SMTP/POP, etc. for select source and destination IP ranges.

Knowledge of how iptables works is essential to build a successful security system. Suggest you read the iptables documentation fully and test thoroughly before deploying.

- Raja

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
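As an added example (not from either poster), here is what Raja's advice looks like as a concrete ruleset: the FORWARD chain defaults to DROP, only the proxy host may open new outbound HTTP/HTTPS connections, and every other permitted service is listed explicitly per source range. The topology is assumed: eth1 is the LAN (192.168.1.0/24), eth0 is the upstream link, and the Squid proxy is a separate LAN host at 192.168.1.10:3128 (if the proxy ran on the firewall itself, its traffic would traverse OUTPUT, not FORWARD). The MASQUERADE rule is source NAT for the private LAN, not the DNAT/REDIRECT the original post tried. The script emits the ruleset in iptables-restore format so it can be inspected and checked before it touches the kernel:

```shell
#!/bin/sh
# Assumed topology (hypothetical, not taken from the thread):
#   eth1 = LAN side, 192.168.1.0/24        eth0 = upstream/WAN side
#   proxy = 192.168.1.10, Squid on tcp/3128, a separate LAN host
LAN_IF="eth1"
WAN_IF="eth0"
LAN_NET="192.168.1.0/24"
PROXY_IP="192.168.1.10"

# Emit the ruleset in iptables-restore format. Generating text instead of
# calling iptables once per rule means the result can be reviewed and
# tested first, and iptables-restore applies it atomically.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback, replies, and SSH from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Forwarded traffic: replies to anything already permitted
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the proxy may open outbound web connections
-A FORWARD -i $LAN_IF -o $WAN_IF -s $PROXY_IP -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Any other LAN host going to the web directly is logged, then hits the DROP policy
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports 80,443 -j LOG --log-prefix "FW-DIRECT-WEB: " --log-level 4
# Explicit permits for other services, per source range (extend as needed)
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports 25,110 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source NAT for the private LAN (assumed needed); no DNAT/REDIRECT anywhere
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Checks to run before applying: FORWARD policy is DROP, no DNAT/REDIRECT
# rules exist, and exactly one rule ACCEPTs new web connections, sourced
# from the proxy. Returns 0 on success, 1 on the first failed check.
check_rules() {
    rules=$(gen_rules)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -Eq -- '-j (DNAT|REDIRECT)'; then
        return 1
    fi
    web_accepts=$(printf '%s\n' "$rules" | grep -- '--dports 80,443' | grep -c -- '-j ACCEPT')
    [ "$web_accepts" -eq 1 ] || return 1
    printf '%s\n' "$rules" | grep -- '--dports 80,443' | grep -- '-j ACCEPT' \
        | grep -q -- "-s $PROXY_IP " || return 1
    return 0
}

# Load the ruleset into the kernel (root only). Run the checks first.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must be root" >&2; return 1; }
    gen_rules | iptables-restore
}

case "${1:-show}" in
    show)  gen_rules ;;
    check) check_rules && echo "ruleset OK" ;;
    apply) check_rules && apply_rules ;;
esac
```

Run it with no argument to print the ruleset, `check` to run the sanity checks, and `apply` as root to load it. Because the FORWARD policy is DROP, anything not listed (a LAN host browsing directly, a new protocol nobody asked for) is simply dropped; the LOG rule is there so that such attempts show up in the kernel log instead of failing silently during testing.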
