Me parece que no le estas diciendo a iptables que redireccione las peticiones hacia el puerto donde esta escuchando squid. Revisa la configuración de squid.conf (el puerto) y le pones esa instrucción a tu iptables. Ojala te sirva
----- Mensaje original ----- De: Jose Miguel Vidal Lavin <[EMAIL PROTECTED]> Fecha: Miércoles, Marzo 3, 2004 7:39 am Asunto: Problemas con nat > Señores > > Tengo una máquina que funciona com squid proxy y funciona bien, > inclusive me filtra msn, kazaa y demases. El problema es que tengo > ke > usar nat para habilitar todos los servicios a ciertas máquinas y > eso lo > hago desde una máquina que tengo de firewall pero de un momento a > otro > dejó de funcionar el ruteo y no me puedo conectar a internet > usando esa > puerta de enlace, he revisado toda la configuración y no he podido > encontrar el error. > > mi configuración que me entrega iptables es la siguiente: > > Tabla: mangle > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > > Chain INPUT (policy ACCEPT) > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > Tabla: filter > Chain INPUT (policy DROP) > target prot opt source destination > ACCEPT icmp -- anywhere anywhere icmp > echo-request > ACCEPT tcp -- anywhere anywhere tcp > dpt:sshACCEPT tcp -- anywhere anywhere > tcp spt:ssh > ACCEPT tcp -- anywhere anywhere tcp > dpt:ftpACCEPT tcp -- anywhere anywhere > tcp dpt:ftp-data > ACCEPT tcp -- anywhere anywhere tcp > dpt:httpACCEPT tcp -- anywhere anywhere > tcp spt:http > ACCEPT tcp -- anywhere anywhere tcp > dpt:smtpACCEPT tcp -- anywhere anywhere > tcp spt:smtp > ACCEPT tcp -- anywhere anywhere tcp > dpt:pop3ACCEPT tcp -- anywhere anywhere > tcp spt:pop3 > ACCEPT udp -- anywhere anywhere udp > dpt:netbios-ns > ACCEPT tcp -- anywhere anywhere tcp > dpt:netbios-ssn > ACCEPT tcp -- anywhere anywhere tcp > dpt:microsoft-ds > ACCEPT udp -- anywhere anywhere udp > spt:netbios-ns > ACCEPT tcp -- anywhere anywhere tcp > spt:netbios-ssn > ACCEPT tcp -- anywhere anywhere tcp > spt:microsoft-ds > REJECT tcp -- anywhere anywhere tcp > dpt:sunrpc reject-with icmp-port-unreachable > > Chain FORWARD (policy DROP) > target prot opt source destination > ACCEPT tcp -- anywhere anywhere tcp > dpt:httpACCEPT tcp -- anywhere anywhere > tcp spt:http > ACCEPT udp -- anywhere anywhere udp > dpt:httpACCEPT udp -- anywhere anywhere > udp spt:http > > Chain OUTPUT (policy DROP) > target prot opt source destination > ACCEPT icmp -- anywhere anywhere icmp > echo-reply > ACCEPT icmp -- anywhere anywhere > ACCEPT tcp -- anywhere anywhere tcp > dpt:sshACCEPT tcp -- anywhere anywhere > tcp spt:ssh > ACCEPT tcp -- anywhere anywhere tcp > spt:ftpACCEPT tcp -- anywhere anywhere > tcp spt:ftp-data > ACCEPT tcp -- anywhere anywhere tcp > dpt:domainACCEPT udp -- anywhere anywhere > udp dpt:domain > ACCEPT tcp -- anywhere anywhere tcp > dpt:httpACCEPT tcp -- anywhere anywhere > tcp spt:http > ACCEPT tcp -- anywhere anywhere tcp > spt:10000ACCEPT tcp -- anywhere anywhere > tcp dpt:smtp > ACCEPT tcp -- anywhere anywhere tcp > spt:smtpACCEPT tcp -- anywhere anywhere > tcp dpt:pop3 > ACCEPT tcp -- anywhere anywhere tcp > spt:pop3ACCEPT udp -- anywhere anywhere > udp > dpt:netbios-ns > ACCEPT tcp -- anywhere anywhere tcp > dpt:netbios-ssn > ACCEPT tcp -- anywhere anywhere tcp > dpt:microsoft-ds > ACCEPT udp -- anywhere anywhere udp > spt:netbios-ns > ACCEPT tcp -- anywhere anywhere tcp > spt:netbios-ssn > ACCEPT tcp -- anywhere anywhere tcp > spt:microsoft-ds > Tabla: nat > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination > MASQUERADE all -- anywhere anywhere > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > -- > Jose Miguel Vidal Lavin User #333809 http://couter.li.org > Departamento de Informática Fono : 6764600 > Cobranzas y Servicios Afines 6764622 > Bulnes 317, Oficina 612 > > >
