Problems with NAT
Jose Miguel Vidal Lavin
jmvidal at sertotal.cl
Mon Mar 8 12:12:46 CLST 2004
The thing is, I don't need to redirect any port to squid, since I connect
to the NAT through the gateway and not through the proxy.
w t c wrote:
> It seems to me that you are not telling iptables to redirect requests to the port where squid is listening. Check the squid.conf configuration (the port) and add that instruction to your iptables.
> Hope it helps
>
> ----- Original message -----
> From: Jose Miguel Vidal Lavin <jmvidal at sertotal.cl>
> Date: Wednesday, March 3, 2004 7:39 am
> Subject: Problems with NAT
>
>
>>Gentlemen
>>
>> I have a machine that works as a squid proxy and it works well;
>>it even filters MSN, Kazaa and the like for me. The problem is that I
>>have to use NAT to enable all services for certain machines, and I do
>>that from a machine I have as a firewall, but from one moment to the
>>next the routing stopped working and I cannot connect to the internet
>>using that gateway. I have reviewed the whole configuration and have
>>not been able to find the error.
>>
>> The configuration that iptables gives me is the following:
>>
>>Tabla: mangle
>>Chain PREROUTING (policy ACCEPT)
>>target prot opt source destination
>>
>>Chain INPUT (policy ACCEPT)
>>target prot opt source destination
>>
>>Chain FORWARD (policy ACCEPT)
>>target prot opt source destination
>>
>>Chain OUTPUT (policy ACCEPT)
>>target prot opt source destination
>>
>>Chain POSTROUTING (policy ACCEPT)
>>target prot opt source destination
>>Tabla: filter
>>Chain INPUT (policy DROP)
>>target prot opt source destination
>>ACCEPT icmp -- anywhere anywhere icmp echo-request
>>ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
>>ACCEPT tcp -- anywhere anywhere tcp spt:ssh
>>ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>>ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>>ACCEPT tcp -- anywhere anywhere tcp dpt:http
>>ACCEPT tcp -- anywhere anywhere tcp spt:http
>>ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
>>ACCEPT tcp -- anywhere anywhere tcp spt:smtp
>>ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
>>ACCEPT tcp -- anywhere anywhere tcp spt:pop3
>>ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
>>ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
>>ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
>>ACCEPT udp -- anywhere anywhere udp spt:netbios-ns
>>ACCEPT tcp -- anywhere anywhere tcp spt:netbios-ssn
>>ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds
>>REJECT tcp -- anywhere anywhere tcp dpt:sunrpc reject-with icmp-port-unreachable
>>
>>Chain FORWARD (policy DROP)
>>target prot opt source destination
>>ACCEPT tcp -- anywhere anywhere tcp dpt:http
>>ACCEPT tcp -- anywhere anywhere tcp spt:http
>>ACCEPT udp -- anywhere anywhere udp dpt:http
>>ACCEPT udp -- anywhere anywhere udp spt:http
>>
>>Chain OUTPUT (policy DROP)
>>target prot opt source destination
>>ACCEPT icmp -- anywhere anywhere icmp echo-reply
>>ACCEPT icmp -- anywhere anywhere
>>ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
>>ACCEPT tcp -- anywhere anywhere tcp spt:ssh
>>ACCEPT tcp -- anywhere anywhere tcp spt:ftp
>>ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
>>ACCEPT tcp -- anywhere anywhere tcp dpt:domain
>>ACCEPT udp -- anywhere anywhere udp dpt:domain
>>ACCEPT tcp -- anywhere anywhere tcp dpt:http
>>ACCEPT tcp -- anywhere anywhere tcp spt:http
>>ACCEPT tcp -- anywhere anywhere tcp spt:10000
>>ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
>>ACCEPT tcp -- anywhere anywhere tcp spt:smtp
>>ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
>>ACCEPT tcp -- anywhere anywhere tcp spt:pop3
>>ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
>>ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn
>>ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
>>ACCEPT udp -- anywhere anywhere udp spt:netbios-ns
>>ACCEPT tcp -- anywhere anywhere tcp spt:netbios-ssn
>>ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds
>>Tabla: nat
>>Chain PREROUTING (policy ACCEPT)
>>target prot opt source destination
>>
>>Chain POSTROUTING (policy ACCEPT)
>>target prot opt source destination
>>MASQUERADE all -- anywhere anywhere
>>
>>Chain OUTPUT (policy ACCEPT)
>>target prot opt source destination
>>
>>--
>>Jose Miguel Vidal Lavin User #333809 http://couter.li.org
>>IT Department Phone: 6764600
>>Cobranzas y Servicios Afines 6764622
>>Bulnes 317, Oficina 612
--
Jose Miguel Vidal Lavin User #333809 http://couter.li.org
IT Department Phone: 6764600
Cobranzas y Servicios Afines 6764622
Bulnes 317, Oficina 612
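
A listing like the one quoted above can be checked mechanically. This is an added example, not part of the thread and not the poster's code: it parses an `iptables -L` listing and returns the verdict a flow gets in a chain, using the FORWARD chain from the post as constructed sample input. It assumes every rule matches `anywhere` to `anywhere`, as in that listing, and the `SERVICES` map is a hypothetical subset of service names.

```python
import re

# Constructed sample: the FORWARD chain from the quoted listing, one rule per line.
LISTING = """\
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT udp -- anywhere anywhere udp spt:http
"""

# Service names as `iptables -L` prints them without -n (assumed subset).
SERVICES = {"http": 80, "domain": 53, "smtp": 25, "pop3": 110, "ssh": 22}

def parse_chain(listing, chain):
    """Return (policy, rules) for one chain of an `iptables -L` listing."""
    policy, rules, inside = None, [], False
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            inside = head.group(1) == chain
            policy = head.group(2) if inside else policy
            continue
        fields = line.split()
        if not inside or len(fields) < 5 or fields[0] == "target":
            continue
        # Keep only the port matches (dpt:/spt:); other match text is ignored.
        ports = dict(m.split(":", 1) for m in fields[5:] if m[:4] in ("dpt:", "spt:"))
        rules.append({"target": fields[0], "prot": fields[1], **ports})
    return policy, rules

def port(value):
    """Numeric port for a number or known service name; None if unknown."""
    return int(value) if value.isdigit() else SERVICES.get(value)

def verdict(listing, chain, prot, sport, dport):
    """First matching rule wins; otherwise the chain policy applies."""
    policy, rules = parse_chain(listing, chain)
    for r in rules:
        if r["prot"] in (prot, "all") and all(
                port(r[k]) == want for k, want in (("spt", sport), ("dpt", dport)) if k in r):
            return r["target"]
    return policy

if __name__ == "__main__":
    for flow in (("tcp", 40000, 80), ("tcp", 80, 40000), ("udp", 40000, 53), ("tcp", 40000, 443)):
        print(flow, verdict(LISTING, "FORWARD", *flow))
```

With the FORWARD chain shown in the post, forwarded HTTP in both directions returns ACCEPT, while forwarded DNS (udp/53) and HTTPS (tcp/443) fall through to the DROP policy.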