On Thursday 04 July 2002 20:20, Antony Stone wrote:
> On Thursday 04 July 2002 1:00 pm, david wrote:
> > I am trying to set a dns and proxy server
>
> I assume this means you want to run DNS and an http proxy such as squid on
> the machine running the Firewall. If this is not correct, post again and
> tell us what iptables rules you are trying to set up (which is what I was
> trying to ask).
>
> Anyway, if that is the correct assumption, how about a set of rules such as
> this ?
>
> # Standard default policies
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
> # Allow in DNS requests
> iptables -A INPUT -p tcp --dport 53 -j ACCEPT
> iptables -A INPUT -p udp --dport 53 -j ACCEPT
> # Allow out DNS requests
> iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
> # Redirect http requests to local proxy
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:80
Antony, just for my understanding: is this any different from:

    iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT

?

Jan Humme.
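As an added example (not part of Antony's or Jan's messages), here is the same DNS-plus-transparent-proxy setup written as a dry-run firewall script: `IPT` defaults to `echo iptables`, so running it prints the rule set instead of loading it, and the tests check the printed rules. The interface names (eth0 for the LAN), the LAN subnet and the squid port 3128 are assumed placeholders. It puts the two redirect forms from the thread side by side and adds the rules the quoted set still needs before a transparent proxy works under DROP policies: loopback, reply traffic, the proxy port itself on INPUT, and outbound port 80 so squid can fetch pages.

```shell
#!/bin/sh
# Added example: dry-run transparent-proxy rule set for a firewall box that also
# runs DNS and squid. With IPT unset, rules are echoed rather than loaded.
# Interface, subnet and port below are placeholder assumptions.
IPT="${IPT:-echo iptables}"
LAN_IF=eth0
LAN_NET=192.168.1.0/24
PROXY_PORT=3128

rules_dnat_loopback() {
    # The form from the thread (DNAT needs --to-destination). Forwarded packets
    # rewritten to a loopback address are discarded as martians unless
    # net.ipv4.conf.<if>.route_localnet=1 (Linux 3.6 and later), so this
    # usually does nothing useful for traffic arriving from the LAN.
    $IPT -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:$PROXY_PORT
}

rules_redirect() {
    # REDIRECT rewrites the destination to the primary address of the interface
    # the packet arrived on (127.0.0.1 only for locally generated packets), so
    # squid must listen on that address or on all addresses.
    $IPT -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
}

firewall() {
    # Default policies, as in the thread
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    # Loopback: resolver and proxy talk to themselves over lo
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Replies to accepted connections in both directions
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DNS: only LAN clients may query this box; this box queries upstream
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -j ACCEPT
    # Transparent proxy: redirect, admit the redirected packets to squid,
    # and let squid fetch from origin servers
    rules_redirect
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
}

firewall
```

Run as-is it prints the rules for review; run with `IPT=iptables` as root it loads them. The difference behind Jan's question is the rewritten address: REDIRECT picks the address of the receiving interface, which is what a proxy on a forwarding box needs, whereas DNAT to 127.0.0.1 hands forwarded packets a loopback destination the kernel refuses by default.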
