Good day to all,
By the way, Ricky, thanks for the help; the chains work fine. I've just edited some rules and voilà.
Can anyone help me? Again, I have a problem. I have a proxy; outside clients (literally) will access it because of Citrix, and also my local clients (office). I don't know if my outside clients can access my proxy or not. I know I've opened the port (1494) for them to pass through. Should I also open port 53 or any other port for this matter? What is missing here? I've only tested it on my local client so far, but not for my outside ones.
Again, thanks for the help that you can lend.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.10.40/30 -j MASQUERADE
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Sun Aug 7 15:02:51 2005
# Generated by iptables-save v1.2.7a on Sun Aug 7 15:02:51 2005
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p ICMP -j ACCEPT
#-A FORWARD -i eth1 -j ACCEPT
#-A FORWARD -o eth0 -j ACCEPT
#-A FORWARD -i eth1 -o eth0 -j ACCEPT
#-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
#-A INPUT -s 192.168.10.43 -i eth1 -p tcp -j ACCEPT
#-A OUTPUT -d 192.168.10.43 -o eth1 -p tcp -j ACCEPT
#################CITRIXPORT######################
####################FROM OUTSIDE CLIENTS###########
-A INPUT -i eth0 -s 0/0 -p tcp --sport 1494 -j ACCEPT
-A OUTPUT -o eth0 -d 0/0 -p tcp --dport 1494 -j ACCEPT
-A INPUT -i eth0 -s 0/0 -p udp --sport 1494 -j ACCEPT
-A OUTPUT -o eth0 -d 0/0 -p udp --dport 1494 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
###################FROM LOCAL####################
-A INPUT -i eth1 -s 192.168.10.0/24 -p tcp --sport 1494 -j ACCEPT
-A OUTPUT -o eth1 -d 192.168.10.0/24 -p tcp --dport 1494 -j ACCEPT
-A INPUT -i eth1 -s 192.168.10.0/24 -p udp --sport 1494 -j ACCEPT
-A OUTPUT -o eth1 -d 192.168.10.0/24 -p udp --dport 1494 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
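
Added example, not part of the original post: a small Python check that reads rules in iptables-save format and reports two patterns that appear in the filter table above, an INPUT ACCEPT rule that matches on source port alone and a FORWARD rule whose -i and -o name the same interface. The sample text is constructed from the shape of the posted rules, and the function names are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules in the post.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -s 0/0 -p tcp --sport 1494 -j ACCEPT
-A OUTPUT -o eth0 -d 0/0 -p tcp --dport 1494 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Split '-A CHAIN opt val ...' into a dict (assumes one value per option, no '!')."""
    tok = shlex.split(line)
    rule = {"chain": tok[1]}
    rule.update(zip(tok[2::2], tok[3::2]))
    return rule

def audit(text):
    """Return (line_no, finding) pairs for ACCEPT rules in the filter table."""
    findings, table = [], None
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter" or not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r.get("-j") != "ACCEPT":
            continue
        # Source-port-only match: admits replies from a remote port, not new
        # connections to a local one, and trusts a value the sender chooses.
        if (r["chain"] == "INPUT" and "--sport" in r
                and "--dport" not in r and "--state" not in r):
            findings.append((no, "INPUT matches --sport %s only, no --dport/state" % r["--sport"]))
        # A forwarded packet that enters and leaves on the same interface.
        if r["chain"] == "FORWARD" and "-i" in r and r.get("-i") == r.get("-o"):
            findings.append((no, "FORWARD has -i and -o both set to %s" % r["-i"]))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print("line %d: %s" % (no, msg))
```

Commented-out rules (lines starting with #) and tables other than *filter are skipped, so the same function can be run over a full iptables-save dump.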