Problems with NAT

w t c wlatc at 123mail.cl
Mon Mar 8 08:39:39 CLST 2004


It seems to me that you are not telling iptables to redirect the requests to the port where squid is listening. Check the squid.conf configuration (the port) and add that instruction to your iptables.
I hope it helps.

----- Original message -----
From: Jose Miguel Vidal Lavin <jmvidal at sertotal.cl>
Date: Wednesday, March 3, 2004 7:39 am
Subject: Problems with NAT

> Gentlemen,
> 
> 	I have a machine that works as a squid proxy and it works well;
> it even filters msn, kazaa and so on for me. The problem is that I
> have to use NAT to enable all services for certain machines, and I do
> that from a machine that I have as a firewall, but all of a sudden the
> routing stopped working and I cannot connect to the internet using
> that gateway. I have reviewed the whole configuration and have not
> been able to find the error.
> 
> 	The configuration that iptables gives me is the following:
> 
> Tabla: mangle
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> Tabla: filter
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     icmp --  anywhere             anywhere           icmp echo-request
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp-data
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:http
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:pop3
> ACCEPT     udp  --  anywhere             anywhere           udp dpt:netbios-ns
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:microsoft-ds
> ACCEPT     udp  --  anywhere             anywhere           udp spt:netbios-ns
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:netbios-ssn
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:microsoft-ds
> REJECT     tcp  --  anywhere             anywhere           tcp dpt:sunrpc reject-with icmp-port-unreachable
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:http
> ACCEPT     udp  --  anywhere             anywhere           udp dpt:http
> ACCEPT     udp  --  anywhere             anywhere           udp spt:http
> 
> Chain OUTPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     icmp --  anywhere             anywhere           icmp echo-reply
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ssh
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ftp
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ftp-data
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:domain
> ACCEPT     udp  --  anywhere             anywhere           udp dpt:domain
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:http
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:10000
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:smtp
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:pop3
> ACCEPT     udp  --  anywhere             anywhere           udp dpt:netbios-ns
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:microsoft-ds
> ACCEPT     udp  --  anywhere             anywhere           udp spt:netbios-ns
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:netbios-ssn
> ACCEPT     tcp  --  anywhere             anywhere           tcp spt:microsoft-ds
> Tabla: nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> -- 
> Jose Miguel Vidal Lavin       User #333809 http://couter.li.org
> IT Department                                    Phone: 6764600
> Cobranzas y Servicios Afines                            6764622
> Bulnes 317, Oficina 612                                     	
> 
> 
> 
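
The check the reply suggests, as an added example that is not part of the original thread: read the port from squid.conf and verify that the nat table redirects web traffic to it. It assumes squid runs on the firewall host itself, clients use TCP port 80, and `eth1` is the LAN interface (hypothetical); the sample dump is constructed.

```shell
#!/bin/sh
# Added example: check an iptables-save dump for the squid redirect.
# Assumes squid runs on the firewall host itself and clients use TCP port 80.

# squid_port CONF: print the first http_port in squid.conf (3128 if unset).
squid_port() {
    port=$(awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$1")
    echo "${port:-3128}"
}

# has_redirect DUMP PORT: succeed if the nat table's PREROUTING chain
# redirects TCP port 80 to PORT.
has_redirect() {
    awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A PREROUTING / && /-p tcp/ &&
            /--dport 80( |$)/ && /-j REDIRECT/ &&
            $0 ~ ("--to-ports? " port "( |$)") { found = 1 }
        END { exit !found }
    ' "$1"
}

# suggest_rule DUMP CONF LAN_IF: print "ok", or the rule that is missing.
suggest_rule() {
    port=$(squid_port "$2")
    if has_redirect "$1" "$port"; then
        echo "ok"
    else
        echo "iptables -t nat -A PREROUTING -i $3 -p tcp --dport 80 -j REDIRECT --to-ports $port"
    fi
}

# Constructed sample mirroring the posted nat table (MASQUERADE only).
tmp=$(mktemp -d)
cat > "$tmp/rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
printf 'http_port 3128\n' > "$tmp/squid.conf"
suggest_rule "$tmp/rules" "$tmp/squid.conf" eth1   # eth1: assumed LAN interface
```

On a live system, feed it the output of `iptables-save`. Squid must also be configured to accept intercepted requests, and the directive for that depends on the Squid version.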



