- 08-24-2006 #1 Just Joined!
- Join Date
- Aug 2006
- Location
- Cape Town, South Africa
- Posts
- 10
Iptables and squid
Hi guys,
I have set up a SuSE 10.1 linux box between my network switch and my ADSL router, and I want it to act as a proxy. So far, I've got Squid working fine - no complaints there.
However, my network PC's cannot send/receive emails if they use the linux box as a gateway. Logic tells me this is because the linux box is actively refusing connections from/to those ports. I don't need a firewall on linux at the moment, so I don't mind opening everything (even if it is just for now, so I can set everything up without worrying about access violations).
So, I've got the following idea. Please comment:
IN /etc/init.d/boot.local, ADD:
Code:
/fwscripts/fwinit.sh
IN /fwscripts/fwinit.sh, TYPE:
Code:
iptables --flush
iptables -P INPUT ACCEPT
iptables -A INPUT -j ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -j ACCEPT
Is this correct? And if it is, will it allow my network PC's to send/receive emails, etc?
My second question is this: in order to make a transparent proxy, is this the correct iptables line to use:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
And, is this correct for squid.conf:
Code:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Your input/comments/help/etc on these 2 questions would be much appreciated.
I know very little about iptables, and I am busy going through the man-pages.. yet they just give me an overall picture, and I need an actual example to actually get the hang of it.
- 09-22-2006 #2
I dunno if this will help, but this was my question
About the other question... I have no idea, but I am testing it anyway
cheers
- 09-23-2006 #3 Just Joined!
- Join Date
- Sep 2005
- Location
- New delhi
- Posts
- 22
Yes, the above configuration is all that you require. But make sure that you have the cache_effective_user and cache_effective_group directives fixed properly, corresponding to some existing users in the Unix passwd database on the local box.
Why don't you open the required ports with the firewall? BTW, which email system are you using?
___________________
Iptables port forwarding - Nating: http://amitsharma.linuxbloggers.com/portforwarding.htm
RSYNC server: http://amitsharma.linuxbloggers.com/how_to_rsync.htm
FIND command: http://amitsharma.linuxbloggers.com/how_to_find.htm
SAMBA basics & PDC rollout : http://amitsharma.linuxbloggers.com/how_to_samba.htm
- 09-24-2006 #4
When you want to send and receive emails you usually use POP and SMTP, which can't be routed through a proxy. You have to open the POP (110) and SMTP (25) ports on your router for your clients.
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
- 09-25-2006 #5
gateway
I agree with framp. OK, let's do this step by step. You set up a Linux box as a proxy, and I don't see any problems with that, but if you will use it as a gateway too, then you will have to reconfigure your Linux iptables to be a gateway and do a transparent proxy. I guess you already did the iptables script for the transparent proxy, so I guess you should double-check and reconfigure your Linux box to be a gateway. Once this is done you can do a lot with the box: you can do transparent SMTP, POP3 acceleration, etc.


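An added example (not part of any post in this thread, and not the posters' code): a script for the gateway setup the replies describe, forwarding and NAT-ing SMTP (25) and POP3 (110) while redirecting only port 80 to Squid. The WAN interface eth1, the LAN subnet 192.168.1.0/24, the DNS rule and the function names are assumptions; the script only prints the commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: dry-run generator for a gateway + transparent-proxy ruleset.
# Assumed values (not from the thread): eth1 as WAN side, 192.168.1.0/24 as LAN.
LAN_IF="${LAN_IF:-eth0}"               # eth0 is the interface in the thread's REDIRECT rule
WAN_IF="${WAN_IF:-eth1}"               # assumed: interface facing the ADSL router
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed LAN subnet
SQUID_PORT="${SQUID_PORT:-3128}"
MAIL_PORTS="${MAIL_PORTS:-25 110}"     # SMTP and POP3, as named in the thread

# Print a command; execute it only when APPLY=1 (requires root).
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

gateway_rules() {
    # Routing between interfaces is off by default; ACCEPT rules alone do not enable it.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F
    run iptables -t nat -F
    # Forward only what is listed below instead of accepting everything.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $MAIL_PORTS; do
        run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p tcp --dport "$port" -j ACCEPT
    done
    # Assumed addition: DNS lookups so mail clients can resolve their servers.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p udp --dport 53 -j ACCEPT
    # Rewrite LAN source addresses so replies from the Internet find their way back.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Web traffic is the only protocol handed to Squid.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

gateway_rules
```

Review the printed commands first; overriding LAN_IF, WAN_IF or LAN_NET in the environment adapts them to the actual interfaces.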