Sorry...the "iptables -t nat..." line is what I wanted to have after "...make sure you have"...somehow, I forgot that I wrote that, and reiterated it in the next paragraph.
Unfortunately, yes, the bounce means that your site has been identified by someone as an open proxy. Whoever it was went to relays.osirusoft.com, and reported it. osirusoft then ran tests against your system, and found that it was, indeed, an open proxy of some sort.

If you get it fixed, you can go back to http://relays.osirusoft.com, and have your system retested. If it comes back as no longer an open proxy, the test will automatically remove you from the osirusoft database.

On Tue, 13 Aug 2002 [EMAIL PROTECTED] wrote:

> Hi Mike :
>
> Thanks for your help. I haven't changed anything yet, since I want to be
> certain on what to do.
>
> I think you were going to say something when you said :
>
> "In the script that you'll use to actually generate the firewall (and then
> save it later via "service iptables save", you should make sure you have:"
>
> But then you change the topic...
>
> Could you please complete verify I am not missing something ?
>
> By the way :
>
> I was trying to send straight to your address and it was bounced back with
> this message :
>
> ... 554 Service unavailable; [210.54.128.216] blocked using
> relays.osirusoft.com, reason: (2002/07/23) Open Proxy: http(3128)
>
> Does this mean that our site is an open proxy ? In other words, insecure ?
>
> Cheers
>
> Carlos
>
> -----Original Message-----
> From: Mike Burger [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 3:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: IPTABLES newbie question
>
> First, (and I learned this the hard way) don't muck about with your
> /etc/sysconfig/iptables file.
>
> You should have an actual script, in which you can add/remove rules to
> test, and then save them if they work.
>
> The numbers in brackets are thresholds for accepting/dropping connections.
> Why those numbers are so high, I couldn't tell you. Mine are all 0:0.
>
> In the script that you'll use to actually generate the firewall (and then
> save it later via "service iptables save", you should make sure you have:
>
> Now, on to the first question...you want to set up masquerading, in order
> to get your internal systems to properly get out to the net, but not be
> seen, on their own, like so:
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> On Tue, 13 Aug 2002 [EMAIL PROTECTED] wrote:
>
> > Hi guys:
> >
> > Could someone please help me out troubleshooting my iptables rules ?
> >
> > Believe me, I'd love to know much more of iptables to do it myself. :(
> >
> > Apart from the current rules, I want to allow any internal machine to open
> > any tcp ports or service in the internet.
> >
> > Our internal interface is eth1
> > Our public interface is eth0
> >
> > By the way, who knows what these numbers in [] brackets are for ?
> >
> > All I have is the following basics:
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > # Generated by iptables-save v1.2.5 on Wed Jul 31 13:56:40 2002
> > *mangle
> > :PREROUTING ACCEPT [25730:10309361]
> > :INPUT ACCEPT [319427:167805465]
> > :FORWARD ACCEPT [51299:15977485]
> > :OUTPUT ACCEPT [28110:10309728]
> > :POSTROUTING ACCEPT [383968:180518409]
> > COMMIT
> > # Completed on Wed Jul 31 13:56:40 2002
> > # Generated by iptables-save v1.2.5 on Wed Jul 31 13:56:40 2002
> > *nat
> > :PREROUTING ACCEPT [791:51072]
> > :POSTROUTING ACCEPT [278:16981]
> > :OUTPUT ACCEPT [245:15293]
> > [1:60] -A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination x.x.x.x
> > [0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.x.x
> > COMMIT
> > # Completed on Wed Jul 31 13:56:40 2002
> > # Generated by iptables-save v1.2.5 on Wed Jul 31 13:56:40 2002
> > *filter
> > :INPUT DROP [455:36384]
> > :FORWARD ACCEPT [93:4714]
> > :OUTPUT ACCEPT [22539:7732428]
> > [102:7920] -A INPUT -i lo -j ACCEPT
> > [22800:10072493] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > [0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
> > [0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
> > [279:24256] -A INPUT -i eth1 -m state --state NEW -j ACCEPT
> > COMMIT
> > # Completed on Wed Jul 31 13:56:40 2002

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list