[Server-devel] .6 release and Dansguardian

Jerry Vonau jvonau at shaw.ca
Fri Oct 16 20:47:17 EDT 2009


On Sat, 2009-10-17 at 00:15 +0000, Devon Connolly wrote:
> Right, I appended the aforementioned entries to "iptables-xs.in" so that
> the resulting iptables-xs file reflected the modifications, but the rules
> still did not take effect.

Those entries can't just be appended; you would have to place them in a
specific place in that file. Note the *nat at the top: that is the table
you need to add the rules to. Add the rules above that first COMMIT.
Since we're doing the nat table and iptables is implied, we just have to
use the rest of the rule statement.


*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8887
-A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8887
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Hope that is the fix for you

Jerry
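
Added example, not part of the original message: a small Python check for the placement problem discussed above, flagging rules that sit outside any *table ... COMMIT block or nat-only targets placed in another table. The names lint_restore_file, TEMPLATE, RULE, APPENDED and PLACED are hypothetical, and the sample input is constructed (a shortened form of the template quoted in the message).

```python
import re

NAT_ONLY = {"REDIRECT", "MASQUERADE", "DNAT", "SNAT"}  # targets valid only in *nat

def lint_restore_file(text):
    """Return (line_no, message) findings for an iptables-restore style file."""
    findings, table = [], None      # table = the *name block we are inside
    lines = text.splitlines()
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table:
                findings.append((no, f"*{table} has no COMMIT before {line}"))
            table = line[1:]
        elif line == "COMMIT":
            if not table:
                findings.append((no, "COMMIT without an open table"))
            table = None
        elif not table:
            findings.append((no, "line is outside any *table ... COMMIT block"))
        elif line.startswith("-"):
            m = re.search(r"(?:-j|--jump)\s+(\S+)", line)
            if m and m.group(1) in NAT_ONLY and table != "nat":
                findings.append((no, f"{m.group(1)} rule in *{table}, belongs in *nat"))
        # ":CHAIN policy" lines and @@NAME@@ template placeholders pass through
    if table:
        findings.append((len(lines), f"*{table} is never COMMITted"))
    return findings

# Constructed sample input, shortened from the template quoted in the message.
TEMPLATE = """*nat
:OUTPUT ACCEPT [0:0]
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
COMMIT
"""
RULE = "-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8887\n"
APPENDED = TEMPLATE + RULE                                   # after the last COMMIT
PLACED = TEMPLATE.replace("COMMIT\n", RULE + "COMMIT\n", 1)  # above the first COMMIT

if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("placed", PLACED)):
        print(name, lint_restore_file(text))
```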



