iptables rules on squid proxy machine
You seem to have used sport instead of dport and vice versa in the firewall rules. It should be:
iptables -A INPUT -p tcp -s "$my_pc_ip" --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d "$my_pc_ip" --sport 3128 -m state --state ESTABLISHED -j ACCEPT
Since the rules are on your proxy server, in the INPUT chain the packets should be matched on dport, i.e., the port on which your proxy is running, and similarly in the OUTPUT chain they should be matched on sport, the port from which the packets are originating.
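As an added example (not code from the answer or from the question's author), the following POSIX shell script emits the two proxy-port rules with the port selector on the correct side of each chain, and lints a rule line for exactly the sport/dport mix-up discussed above before applying it. It assumes squid listens on 3128, uses a constructed placeholder client address 192.0.2.10, and the helper names proxy_rules, check_port_side and apply_ruleset are hypothetical; by default it prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates the proxy-port rules
# with the port selector on the correct side for each chain and lints a rule
# line for the sport/dport mix-up. Assumptions: squid listens on 3128, the only
# permitted client is $MY_PC_IP (a constructed placeholder address below), and
# the helper names proxy_rules / check_port_side / apply_ruleset are hypothetical.

PROXY_PORT=3128
MY_PC_IP="${MY_PC_IP:-192.0.2.10}"      # constructed placeholder; set to the real client
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default; IPTABLES=iptables applies

# Emit the two rules for the proxy port. Seen from the proxy host, 3128 is the
# destination port of packets arriving on INPUT and the source port of the
# replies leaving on OUTPUT; the client's end of the connection is an ephemeral port.
proxy_rules() {
    port="$1"
    client="$2"
    printf '%s\n' \
        "-A INPUT -p tcp -s $client --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT" \
        "-A OUTPUT -p tcp -d $client --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# Lint one rule line: returns 0 if the port selector matches the chain direction,
# 1 if it is reversed (the mistake in the question's second rule set),
# 2 if the rule carries no port selector at all.
check_port_side() {
    case "$1" in
        *"-A INPUT "*"--sport "*)  return 1 ;;
        *"-A OUTPUT "*"--dport "*) return 1 ;;
        *"-A INPUT "*"--dport "*)  return 0 ;;
        *"-A OUTPUT "*"--sport "*) return 0 ;;
        *)                         return 2 ;;
    esac
}

# Set DROP policies, then add the proxy rules, refusing any that fail the lint.
apply_ruleset() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP
    # The post's "other rules here for web access, dns, etc" belong here.
    while IFS= read -r rule; do
        if ! check_port_side "$rule"; then
            echo "refusing rule with the port on the wrong side: $rule" >&2
            return 1
        fi
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        $IPTABLES $rule
    done <<EOF
$(proxy_rules "$PROXY_PORT" "$MY_PC_IP")
EOF
    return 0
}

apply_ruleset
```

Run it as-is to see the commands it would issue; set IPTABLES=iptables (as root) to apply them. The lint only recognises the two patterns from the post, which is enough to catch a rule written from the client's point of view instead of the proxy's.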
Updated on September 18, 2022
mulllhausen over 1 year:
I use my web-browser to connect to the internet via a squid proxy server (which I own). The proxy port is 3128. I want to lock down the other ports on the machine running the proxy server, however my iptables rules are killing the proxy completely. The following rules DO work:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# other rules here for web access, dns, etc
iptables -A INPUT -p tcp -s "$my_pc_ip" -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d "$my_pc_ip" -m state --state ESTABLISHED -j ACCEPT
But obviously, no ports are specified here, so this does not achieve the goal. However, when I specify the proxy port, I am unable to access the internet via the proxy from the web-browser:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# other rules here for web access, dns, etc
iptables -A INPUT -p tcp -s "$my_pc_ip" --sport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d "$my_pc_ip" --dport 3128 -m state --state ESTABLISHED -j ACCEPT
Why is the second set of rules not working?
mulllhausen over 6 years: Right you are. I could swear I tried this, but I must not have, since it is working now :)