<div dir="ltr"><div><div><div>Dear Sir Amos<br><br></div>I had reconfigured Squid 3.5 and it works fine. but i want to protect WAN interface through IPTABLES<br><br></div>1-
can you help me chain rule of simple iptable which drop all trafic from
WAN eth0 to secure and allow squid user request from LAN eth1 only.
(my WAN send flood by public and it waste my all bandwidth)<br><br>For Example:<br>-A INPUT -j LOG <br>-A INPUT -j DROP <br><br></div><div>Then allow<br>-A INPUT-i eth1 -j ACCEPT<br>-A FORWARD -i eth1 -j ACCEPT<br><br></div>but its block traffic. Can you please help me what allow rule will works for Squid 3.5 when i secure my WAN.</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 14, 2017 at 4:28 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 13/04/2017 11:46 p.m., Arsalan Hussain wrote:<br>
> Dear All,<br>
><br>
> I am facing problem with iptable rules for squid 3.5.23. my simple squid<br>
> configuration is attached and also iptable rules.<br>
><br>
> It works fine when i restart squid, iptables, network services but after a<br>
> while it give problem of slow speed or even rejecting packets in squid<br>
> access.log<br>
<br>
</span>Your squid.conf first line says that Browsers are configured to use the<br>
proxy. That means iptables doing NAT is not relevant.<br>
<br>
You also have a mix of a many very different and half-setup proxying<br>
configurations in your configs.<br>
<br>
<br>
First get that sorted out. Telling us what do you actually want the<br>
traffic to be doing might be a good start.<br>
<br>
What is going wrong is clear, but "I am facing a problem" does not tell<br>
what we should advise to fix that and in this case your config is so<br>
mixed its not easy to even make a good guess.<br>
<br>
Amos<br>
<br>
______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">With Regards,<br>
<p><br><b style="font-size:12.8px"><span style="color:rgb(23,54,93);background-image:initial;background-position:initial;background-repeat:initial">Arsalan Hussain</span></b><br><b style="font-size:12.8px"><span style="color:#c0504d">Assistant Director, Networks & Information System</span></b></p><p><span><b style="font-size:12.8px"><span style="font-size:14.0pt;font-family:"Baskerville Old Face",serif;color:#4f81bd">PRESTON UNIVERSITY</span></b><br><span style="color:rgb(31,73,125);font-size:12.8px">Add: Plot: 85, Street No: 3, Sector H-8/1, Islamabad, Pakistan</span><br><span style="color:rgb(31,73,125);font-size:12.8px">Cell: +92-322-5018611</span><br><span style="color:rgb(31,73,125);font-size:12.8px">UAN: (51) 111-707-808 (Ext: 443)</span></span></p><div><b><font size="2">If you are too lazy to plow now, don't expect a harvest, later</font></b><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>