On Thursday 04 July 2002 1:00 pm, david wrote:

> I am trying to set a dns and proxy server

I assume this means you want to run DNS and an http proxy such as squid on the machine running the Firewall. If this is not correct, post again and tell us what iptables rules you are trying to set up (which is what I was trying to ask).

Anyway, if that is the correct assumption, how about a set of rules such as this?

# Standard default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow in DNS requests
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Allow out DNS requests
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Redirect http requests to local proxy
# (REDIRECT sends the packet to this machine itself; DNAT requires
# --to-destination, and packets rewritten to 127.0.0.1 in PREROUTING
# are discarded by the kernel as martians)
iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 80

# Allow the redirected requests in to the proxy (INPUT policy is DROP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow proxy requests out of machine
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

# Allow replies etc back in again
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow replies back out to clients (OUTPUT policy is DROP)
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Antony.

> ----- Original Message -----
> From: "Antony Stone" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, July 04, 2002 4:53 PM
> Subject: Re: I need help , please
>
>
> > On Thursday 04 July 2002 9:38 am, david wrote:
> > > It was a mistake. What I do is
> > >
> > > # service iptables save
> > > after that I got a new file in /etc/sysconfig/iptables .
> > > and then :
> > > #/etc/rc.d/init.d/iptables restart 2>salida8
> > > And here you see all the errors.
> >
> > What rules are you trying to set ?
> >
> > Have you compiled all the required bits of iptables into the kernel or
> > are you loading modules ?
> >
> >
> >
> > Antony.
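
With all three policies set to DROP, as in the ruleset in the reply, a service works only if the request and its reply each match an ACCEPT rule in the chain they cross. An added sketch, not part of the original thread: a simplified first-match model of the INPUT and OUTPUT chains (constructed packets, no real netfilter state tracking) comparing OUTPUT with and without an ESTABLISHED,RELATED rule. The tcp/80 accept on INPUT and the client port numbers are assumptions of this example.

```python
# Simplified model of iptables filter chains: the first matching rule wins,
# otherwise the chain policy applies. Not real netfilter; packets are constructed.
POLICY = "DROP"

def rule(proto=None, dport=None, state=None):
    """Build a matcher; None means 'any', state is a set of conntrack states."""
    return {"proto": proto, "dport": dport, "state": state}

def verdict(chain, pkt):
    """Return ACCEPT if any rule in the chain matches the packet, else the policy."""
    for r in chain:
        if r["proto"] not in (None, pkt["proto"]):
            continue
        if r["dport"] not in (None, pkt["dport"]):
            continue
        if r["state"] is not None and pkt["state"] not in r["state"]:
            continue
        return "ACCEPT"
    return POLICY

REPLY = {"ESTABLISHED", "RELATED"}
# INPUT: DNS in, redirected HTTP in (assumed rule), replies in
INPUT = [rule("tcp", 53), rule("udp", 53), rule("tcp", 80), rule(state=REPLY)]
OUTPUT_REQUESTS_ONLY = [rule("tcp", 53), rule("udp", 53), rule("tcp", 80)]
OUTPUT_WITH_REPLIES = OUTPUT_REQUESTS_ONLY + [rule(state=REPLY)]

# Constructed flows: (description, chain, packet). High ports are made up.
FLOWS = [
    ("client DNS query arrives", "INPUT", {"proto": "udp", "dport": 53, "state": "NEW"}),
    ("DNS answer leaves to client", "OUTPUT", {"proto": "udp", "dport": 40000, "state": "ESTABLISHED"}),
    ("redirected HTTP request arrives", "INPUT", {"proto": "tcp", "dport": 80, "state": "NEW"}),
    ("proxy response leaves to client", "OUTPUT", {"proto": "tcp", "dport": 40001, "state": "ESTABLISHED"}),
    ("proxy fetches from origin", "OUTPUT", {"proto": "tcp", "dport": 80, "state": "NEW"}),
    ("origin response arrives", "INPUT", {"proto": "tcp", "dport": 40002, "state": "ESTABLISHED"}),
]

def evaluate(output_chain):
    """Map each constructed flow to its verdict under the given OUTPUT chain."""
    chains = {"INPUT": INPUT, "OUTPUT": output_chain}
    return {name: verdict(chains[chain], pkt) for name, chain, pkt in FLOWS}

if __name__ == "__main__":
    for label, out in (("OUTPUT: requests only", OUTPUT_REQUESTS_ONLY),
                       ("OUTPUT: with reply rule", OUTPUT_WITH_REPLIES)):
        print(label)
        for name, v in evaluate(out).items():
            print(f"  {v:6} {name}")
```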
