[squid-users] Squid Proxy with simple iptable rule ...
Arsalan Hussain
arsalan at preston.edu.pk
Mon Apr 17 12:45:55 UTC 2017
Dear Sir Amos
I had reconfigured Squid 3.5 and it works fine. but i want to protect WAN
interface through IPTABLES
1- can you help me chain rule of simple iptable which drop all trafic from
WAN eth0 to secure and allow squid user request from LAN eth1 only. (my
WAN send flood by public and it waste my all bandwidth)
For Example:
-A INPUT -j LOG
-A INPUT -j DROP
Then allow
-A INPUT-i eth1 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
but its block traffic. Can you please help me what allow rule will works
for Squid 3.5 when i secure my WAN.
On Fri, Apr 14, 2017 at 4:28 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 13/04/2017 11:46 p.m., Arsalan Hussain wrote:
> > Dear All,
> >
> > I am facing problem with iptable rules for squid 3.5.23. my simple squid
> > configuration is attached and also iptable rules.
> >
> > It works fine when i restart squid, iptables, network services but after
> a
> > while it give problem of slow speed or even rejecting packets in squid
> > access.log
>
> Your squid.conf first line says that Browsers are configured to use the
> proxy. That means iptables doing NAT is not relevant.
>
> You also have a mix of a many very different and half-setup proxying
> configurations in your configs.
>
>
> First get that sorted out. Telling us what do you actually want the
> traffic to be doing might be a good start.
>
> What is going wrong is clear, but "I am facing a problem" does not tell
> what we should advise to fix that and in this case your config is so
> mixed its not easy to even make a good guess.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
With Regards,
*Arsalan Hussain*
*Assistant Director, Networks & Information System*
*PRESTON UNIVERSITY*
Add: Plot: 85, Street No: 3, Sector H-8/1, Islamabad, Pakistan
Cell: +92-322-5018611
UAN: (51) 111-707-808 (Ext: 443)
*If you are too lazy to plow now, don't expect a harvest, later*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170417/a3f83450/attachment.html>
More information about the squid-users
mailing list