[Please wrap your lines! It makes it much easier to read, and thus more likely that you'll get a response. Anywhere between 70 and 80 is acceptable; 72 seems to be a nice value.]
On Tue, Feb 18, 2003 at 02:43:49AM -0000, [EMAIL PROTECTED] wrote: > > Under debian 3 I've set up a small server working as a router of a dsl connection. >For this reason I have a firewall like this: > ............. > IPTABLES=/sbin/iptables > DEPMOD=/sbin/depmod > INSMOD=/sbin/modprobe > EXTIF="ppp0" > INTIF="eth1" > ......... > echo "1" > /proc/sys/net/ipv4/ip_forward > echo "1" > /proc/sys/net/ipv4/ip_dynaddr > $IPTABLES -P INPUT ACCEPT > $IPTABLES -F INPUT > $IPTABLES -P OUTPUT ACCEPT > $IPTABLES -F OUTPUT > $IPTABLES -P FORWARD DROP > $IPTABLES -F FORWARD > $IPTABLES -t nat -F > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j >ACCEPT > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT > $IPTABLES -A FORWARD -j LOG > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE > > Now, I want to protect the internet connection from access to any > undesired site (children, you know?) but at the same time I'd like to > continue receiving my mail and frequenting newsgroups. I've been > trying to set up squid on the same server but I couldn't no any longer > access my pop3, stmp and the NGs (putting of course echo "0" > > /proc/sys/net/ipv4/ip_forward) from the client. Squid is only an HTTP (and sometimes SSL/HTTP and FTP) proxy, it doesn't know about any of those other protocols. A socks proxy (in addition to squid) would work better. Or you could just leave ip forwarding enabled and transparently proxy port 80, but that's considered Evil. Google will be able to help you with both 'socks proxy' (as will apt-cache search) and 'transparent proxy squid iptables'. > Being a bit unexperienced could you please give me detailded > instructions on how to succeed in my purpose? It'd take a while and I'd still not do as good a job as other people already have; google knows all :) -- Rob Weir <[EMAIL PROTECTED]> http://ertius.org/
msg31899/pgp00000.pgp
Description: PGP signature
