es que no necesito redireccionar ningun puerto a squid ya que me conecto al nat por el gateway y no por el proxy.
w t c wrote: > Me parece que no le estas diciendo a iptables que redireccione las peticiones > hacia el puerto donde esta escuchando squid. Revisa la configuración de > squid.conf (el puerto) y le pones esa instrucción a tu iptables. > Ojala te sirva > > ----- Mensaje original ----- > De: Jose Miguel Vidal Lavin <[EMAIL PROTECTED]> > Fecha: Miércoles, Marzo 3, 2004 7:39 am > Asunto: Problemas con nat > > >>Señores >> >> Tengo una máquina que funciona com squid proxy y funciona bien, >>inclusive me filtra msn, kazaa y demases. El problema es que tengo >>ke >>usar nat para habilitar todos los servicios a ciertas máquinas y >>eso lo >>hago desde una máquina que tengo de firewall pero de un momento a >>otro >>dejó de funcionar el ruteo y no me puedo conectar a internet >>usando esa >>puerta de enlace, he revisado toda la configuración y no he podido >>encontrar el error. >> >> mi configuración que me entrega iptables es la siguiente: >> >>Tabla: mangle >>Chain PREROUTING (policy ACCEPT) >>target prot opt source destination >> >>Chain INPUT (policy ACCEPT) >>target prot opt source destination >> >>Chain FORWARD (policy ACCEPT) >>target prot opt source destination >> >>Chain OUTPUT (policy ACCEPT) >>target prot opt source destination >> >>Chain POSTROUTING (policy ACCEPT) >>target prot opt source destination >>Tabla: filter >>Chain INPUT (policy DROP) >>target prot opt source destination >>ACCEPT icmp -- anywhere anywhere icmp >>echo-request >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:sshACCEPT tcp -- anywhere anywhere >>tcp spt:ssh >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:ftpACCEPT tcp -- anywhere anywhere >>tcp dpt:ftp-data >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:httpACCEPT tcp -- anywhere anywhere >>tcp spt:http >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:smtpACCEPT tcp -- anywhere anywhere >>tcp spt:smtp >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:pop3ACCEPT tcp -- anywhere anywhere >>tcp spt:pop3 >>ACCEPT udp -- anywhere anywhere udp >>dpt:netbios-ns >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:netbios-ssn >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:microsoft-ds >>ACCEPT udp -- anywhere anywhere udp >>spt:netbios-ns >>ACCEPT tcp -- anywhere anywhere tcp >>spt:netbios-ssn >>ACCEPT tcp -- anywhere anywhere tcp >>spt:microsoft-ds >>REJECT tcp -- anywhere anywhere tcp >>dpt:sunrpc reject-with icmp-port-unreachable >> >>Chain FORWARD (policy DROP) >>target prot opt source destination >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:httpACCEPT tcp -- anywhere anywhere >>tcp spt:http >>ACCEPT udp -- anywhere anywhere udp >>dpt:httpACCEPT udp -- anywhere anywhere >>udp spt:http >> >>Chain OUTPUT (policy DROP) >>target prot opt source destination >>ACCEPT icmp -- anywhere anywhere icmp >>echo-reply >>ACCEPT icmp -- anywhere anywhere >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:sshACCEPT tcp -- anywhere anywhere >>tcp spt:ssh >>ACCEPT tcp -- anywhere anywhere tcp >>spt:ftpACCEPT tcp -- anywhere anywhere >>tcp spt:ftp-data >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:domainACCEPT udp -- anywhere anywhere >> udp dpt:domain >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:httpACCEPT tcp -- anywhere anywhere >>tcp spt:http >>ACCEPT tcp -- anywhere anywhere tcp >>spt:10000ACCEPT tcp -- anywhere anywhere >> tcp dpt:smtp >>ACCEPT tcp -- anywhere anywhere tcp >>spt:smtpACCEPT tcp -- anywhere anywhere >>tcp dpt:pop3 >>ACCEPT tcp -- anywhere anywhere tcp >>spt:pop3ACCEPT udp -- anywhere anywhere >>udp >>dpt:netbios-ns >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:netbios-ssn >>ACCEPT tcp -- anywhere anywhere tcp >>dpt:microsoft-ds >>ACCEPT udp -- anywhere anywhere udp >>spt:netbios-ns >>ACCEPT tcp -- anywhere anywhere tcp >>spt:netbios-ssn >>ACCEPT tcp -- anywhere anywhere tcp >>spt:microsoft-ds >>Tabla: nat >>Chain PREROUTING (policy ACCEPT) >>target prot opt source destination >> >>Chain POSTROUTING (policy ACCEPT) >>target prot opt source destination >>MASQUERADE all -- anywhere anywhere >> >>Chain OUTPUT (policy ACCEPT) >>target prot opt source destination >> >>-- >>Jose Miguel Vidal Lavin User #333809 http://couter.li.org >>Departamento de Informática Fono : 6764600 >>Cobranzas y Servicios Afines 6764622 >>Bulnes 317, Oficina 612 >> >> >> > > > -- Jose Miguel Vidal Lavin User #333809 http://couter.li.org Departamento de Informática Fono : 6764600 Cobranzas y Servicios Afines 6764622 Bulnes 317, Oficina 612
