Ping a Specific Port

Question

gaffcz

Asked: 2012-03-21 05:57:20 +0800 CST2012-03-21 05:57:20 +0800 CST 2012-03-21 05:57:20 +0800 CST

SQUID proxy + iptables

772

I'm using squid3 (on ubuntu 10.10) and it manage connection completelly fine.

But how can I secure the traffic by setting the firewall on the same server?

If I use firewalls like ufw or firestarter, I'm not able to allow the squid port.

So I've tried to add some rules to iptables.up.rules, e.g.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80

Connection works, but I think iptables doesn't. How to make iptables to deny all the traffic and allow choosed ports only?

1 Answers

Voted

adaptr · Answer 1 · 2012-03-21T06:01:34+08:00

adaptr

2012-03-21T06:01:34+08:002012-03-21T06:01:34+08:00

You should set your INPUT policy to DENY, so all traffic that does not explicitly match one of the above rules is rejected.

I would also consider dropping the OUTPUT rules, since these add no extra security.

2

SQUID proxy + iptables

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?