I thought to restrict IP class subnets in the interfaces, but I thought to do it
later.

What I want to implement is a simple gateway to the Internet for the internal
network; I don't want masquerading or a complex firewall. I only want to give
Internet access to the LAN, and force a Squid transparent proxy (I have the
redirect rule commented out, but I tested it before and it seems to work).

So basically, and before the Squid redirection, I want to give Internet access
to my LAN without masq, without filters. These rules seem to work, but not in the
optimal way, because there are delays in the display of the web pages, the email
downloading etc., even with only 1 or 2 computers connected in the LAN.

I hope that I was able to explain it.

Thanks for all your help,

KarinaI



Antony Stone wrote:

> On Wednesday 03 July 2002 7:41 pm, Karina Gómez Salgado wrote:
>
> > The rules i'm using are these:
> > --------------------------------
> >
> > $IPTABLES -P INPUT DROP
> > $IPTABLES -P OUTPUT DROP
> > $IPTABLES -P FORWARD DROP
> >
> > $IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
> >
> > $IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j ACCEPT -v
> >
> > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT -v
> >
> > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT -v
>
> So, you're setting a default policy of DROP on INPUT, FORWARD and OUTPUT -
> very good.
>
> Then, you're allowing absolutely everything in, from anywhere, you're
> allowing absolutely everything out, to anywhere, you're forwarding everything
> from the outside to the inside, and you're forwarding everything from the
> inside to the outside.
>
> This is not a firewall, this is a complex way to plug the Internet into your
> network.
>
> What do you want to allow, and what do you want to block?  These rules are
> doing nothing for you.
>
>
>
> Antony.

--
Karina Gómez
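
An added example, not part of the thread or written by either poster: a stateful version of the quoted rules that lets the LAN open connections outward, lets only reply traffic back in, and includes the Squid redirect. The interface names (eth0, eth1) and Squid port 3128 are assumptions, and, as in the original post, no masquerading is added.

```shell
#!/bin/sh
# Added example: stateful replacement for the accept-everything rules quoted above.
# Assumptions (not from the thread): eth0 = external, eth1 = internal,
# Squid listening on the gateway itself on port 3128.

# Print the ruleset as iptables commands, one per line, so it can be reviewed
# before anything is applied.
gateway_rules() {
    extif=$1; intif=$2; squid_port=${3:-3128}
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $intif -p tcp --dport $squid_port -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $intif -o $extif -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $extif -o $intif -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $intif -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
EOF
}

# Default: print the rules for review. With APPLY=1 (as root) run them.
if [ "${APPLY:-0}" = "1" ]; then
    gateway_rules "${EXTIF:-eth0}" "${INTIF:-eth1}" | while read -r rule; do
        $rule
    done
else
    gateway_rules "${EXTIF:-eth0}" "${INTIF:-eth1}"
fi
```

The only rule that admits new connections arriving on the gateway is the one for LAN clients reaching the Squid port, which the REDIRECT rule depends on; nothing arriving on the external interface is accepted unless it belongs to a connection opened from inside.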


