[Ilugc] Firefox_Mozilla
- From: rajasuperman@xxxxxxxxx (Raja Subramanian)
- Date: Wed, 14 Mar 2012 01:49:10 +0530
On Mon, Mar 12, 2012 at 8:28 PM, rmariya sagaya asirvatham
<asir.linux at gmail.com> wrote:
How can i configure my firewall to accept all outgoing web traffic only
from my proxy server
may i add below lines ?in my iptables ....
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
192.168.x.x.3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
It's high time you stopped top posting and learnt to follow mailing
list guide lines.
Your iptables rule is not correct, you are destination/reverse NAT
which is not needed in your setup. My preferred method with iptables
it to default DROP packets on the FORWARD chain. This will
ensure only traffic you explicitly permit to pass through your system
will be allowed - you can permit outbound dns, ssh, smtp/pop, etc
for select source and destination IP ranges.
Knowledge of iptables working is essential to build a successful
security system. Suggest you read the iptables documentation
fully and test thoroughly before deploying.
- Raja
Other related posts:
