Forward To Squid

This document contains an iptables script that configures a Linux system as a firewall and transparent proxy. It flushes any existing rules, sets default policies, allows replies to established connections, masquerades traffic from the LAN, and redirects port 80 requests from LAN clients to the Squid proxy server's IP and port.

Uploaded by Mustika HeshDee
Copyright: © Attribution Non-Commercial (BY-NC)

#!/bin/sh
# squid server IP
SQUID_SERVER="10.6.19.26"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
# Note: "eth0:1" is an IP alias, not a separate network device. Netfilter sees
# packets on an alias as arriving on eth0, so "-i eth0:1" rules never match
# unless the LAN is really on a separate interface (e.g. eth1).
LAN_IN="eth0:1"
# Squid port
SQUID_PORT="8080"

# DO NOT MODIFY BELOW

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
# (legacy module names; on current kernels they are nf_conntrack and nf_conntrack_ftp)
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp

# Enable forwarding between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy (FORWARD is left at its default, ACCEPT)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept replies to connections this host (or the LAN, via NAT) opened,
# including related data connections such as passive FTP and DNS answers
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
# Note: this also redirects HTTP arriving on the Internet interface to the proxy
# port; since INPUT accepts no NEW connections on $INTERNET, those are logged and
# dropped by the final rules below rather than reaching Squid.
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# DROP everything and Log it (unrated LOG; consider -m limit on a busy link)
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
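The following is an added example, not part of the uploaded script, showing how the transparent-proxy rules can be generated as text for review before they touch the firewall. It assumes Squid runs on the firewall host itself (so REDIRECT is used instead of DNAT), a real second NIC for the LAN (eth1 rather than an alias such as eth0:1, which netfilter does not match), and an assumed LAN range of 10.6.19.0/24. The IPT variable defaults to "echo iptables", so running the file prints the rules; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the original page): emit transparent-proxy rules
# as text so they can be reviewed, then applied with IPT=iptables.
# Assumed values: SQUID_SERVER and SQUID_PORT mirror the page's script;
# LAN_IN=eth1 and LAN_NET=10.6.19.0/24 are assumptions for illustration.
SQUID_SERVER="${SQUID_SERVER:-10.6.19.26}"
SQUID_PORT="${SQUID_PORT:-8080}"
INTERNET="${INTERNET:-eth0}"
LAN_IN="${LAN_IN:-eth1}"
LAN_NET="${LAN_NET:-10.6.19.0/24}"
IPT="${IPT:-echo iptables}"

# Reject interface names with an alias suffix: netfilter matches the parent
# device (eth0), so "-i eth0:1" never matches and LAN rules become dead rules.
check_iface() {
    case "$1" in
        *:*) return 1 ;;
        *)   return 0 ;;
    esac
}

transparent_proxy_rules() {
    check_iface "$LAN_IN" || { echo "refusing alias interface $LAN_IN" >&2; return 1; }
    # Only LAN sources are redirected, and HTTP aimed at the proxy host itself
    # is left alone so anything the host serves on port 80 stays reachable.
    $IPT -t nat -A PREROUTING -i "$LAN_IN" -s "$LAN_NET" -d "$SQUID_SERVER" -p tcp --dport 80 -j RETURN
    $IPT -t nat -A PREROUTING -i "$LAN_IN" -s "$LAN_NET" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
    # With INPUT defaulting to DROP, the redirected connection still needs an
    # explicit accept for NEW connections to the proxy port, from the LAN only.
    $IPT -A INPUT -i "$LAN_IN" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Nothing from the Internet side may reach the proxy port directly.
    $IPT -A INPUT -i "$INTERNET" -p tcp --dport "$SQUID_PORT" -j DROP
}

# Number of rules that would be emitted; a quick sanity check for dry runs.
rule_count() { transparent_proxy_rules | wc -l | tr -d ' '; }

transparent_proxy_rules
```

Running it prints four iptables commands; piping the output through `sh` (or setting IPT=iptables) applies them. The RETURN rule before the REDIRECT and the LAN-only INPUT accept are the two pieces the uploaded script lacks.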
