iptables rules on squid proxy machine

iptables proxy squid
7,727

You seem to have used sport instead of dport and vice versa in the firewall rules. It should be:

iptables -A INPUT -p tcp -s "$my_pc_ip" --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -d "$my_pc_ip" --sport 3128 -m state --state ESTABLISHED -j ACCEPT

Since the rules are on your proxy server, in INPUT chain the packets match should be with dport , i.e., the port on which your proxy is running and similarly in OUTPUT chain it should match with sport from where the packets are originating.

Share:
7,727

Related videos on Youtube

mulllhausen
Author by

mulllhausen

Updated on September 18, 2022

Comments

  • mulllhausen
    mulllhausen over 1 year

    I use my web-browser to connect to the internet via a squid proxy server (which I own). The proxy port is 3128. I want to lock down the other ports on the machine running the proxy server, however my iptables rules are killing the proxy completely. The following rules DO work:

    iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# other rules here for web access, dns, etc
iptables -A INPUT -p tcp -s "$my_pc_ip" -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d "$my_pc_ip" -m state --state ESTABLISHED -j ACCEPT

    But obviously, no ports are specified here, so this does not achieve the goal. However when I specify in the proxy port then I am unable to access the internet via the proxy from the web-browser:

    iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# other rules here for web access, dns, etc
iptables -A INPUT -p tcp -s "$my_pc_ip" --sport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d "$my_pc_ip" --dport 3128 -m state --state ESTABLISHED -j ACCEPT

    Why are the second set of rules not working?

  • mulllhausen
    mulllhausen over 6 years
    right you are. i could swear i tried this, but i must not have, since it is working now :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

iptables doesn't redirect http traffic to my Squid proxy!
Route outgoing VPN traffic through local transparent proxy
Squid running in intercept mode on same machine as browser keeps giving access denied
By passing squid for few hosts using iptables
How to route all local trafic to Squid?
How To Route All HTTP Traffic from eth1 to the Squid Proxy? The Iptable rules?
Redirect OpenVPN gateway traffic to Privoxy
How to configure Squid connection|read|write timeout per Request instead of Globally
Reverse proxy from nginx to squid
Is it possible to install proxy server to DD-WRT?