<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face="Courier New" size=2>Buenos días tengo una máquina centos con
realizando funciones de proxy/muro de acceso a internet con las siguiente
configuración de iptables y squid.</FONT></DIV>
<DIV><FONT face="Courier New" size=2>Una vez relaizado en el script de iptables,
salvado y ejecutado con start funciona perfectamente. Pero el problema que
no entiendo es que cuando reinicio la máquina y ejecuto service squid start y
service iptables start outlook express no me pasa es como si el puerto 110 se
cerrase. Que hago mal?. Muchas gracias</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier New"
size=2>iptables –F</FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier New"
size=2>iptables –X</FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT face="Courier New"
size=2>iptables –Z</FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–t nat –F<?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–P INPUT ACCPET<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–P OUTPUT ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–P FORWARD ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–t nat –P PREROUTING ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–t nat –P POSTROUTING ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>/sbin/iptables –A INPUT –i lo –j
ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–A INPUT –s 192.168.0.0/24 –i eth1 –j<SPAN style="mso-spacerun: yes">
</SPAN>ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>80 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>443 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s 192.168.0.0/24 –i
eth1 –p tcp –dport<SPAN style="mso-spacerun: yes"> </SPAN>993 –j
ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>995 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>110 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>465 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>25 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>53 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p udp –dport<SPAN style="mso-spacerun: yes">
</SPAN>53 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –p tcp –dport<SPAN style="mso-spacerun: yes">
</SPAN>1863 –j ACCEPT<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT
size=2>iptables<SPAN style="mso-spacerun: yes"> </SPAN>-A FORWARD –s
192.168.0.0/24 –i eth1 –j DROP<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–t nat –A PREROUTING –s 192.168.0.0/24 –i eth1 –p tcp –dport 80 –j REDIRECT
–to-port 3128<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>iptables
–t nat –A POSTROUTING –s 192.168.0.0/24 –o eth0 –j
MASQUERADE<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>echo 1
> /proc/sys/net/ipv4/ip_forward<o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB"><FONT face="Courier New"><FONT size=2>service
iptables save<o:p></o:p></FONT></FONT></SPAN></P>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face="Courier New" size=2>service iptables start</FONT></SPAN></DIV>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face="Courier New" size=2>_________</FONT></SPAN></DIV>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face=Arial><FONT face="Courier New" size=2> </FONT><PRE class=western><FONT size=2>visible_hostname squid
http_port 3128 transparent
http_port 8080 transparent
cache_mem 100 MB
cache_swap_low 80
cache_swap_high 100
maximum_object_size 20000 KB
cache_dir ufs /var/spool/squid 25000 16 256
cache_store_log none
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#acl todalared src 192.168.0.0/255.255.255.0
acl permitidos src "/etc/squid/permitidos"
acl reglas url_regex "/etc/squid/reglas"
acl horario time SMTWHFA 00:00-08:00
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
#acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
#logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
ie_refresh on
http_access allow manager localhost
http_access deny manager
#http_access allow todalared
http_access allow permitidos !reglas !horario
#http_access allow !reglas
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
</FONT></PRE></FONT></SPAN></DIV>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face=Arial size=2></FONT></SPAN> </DIV>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face=Arial size=2></FONT></SPAN> </DIV>
<DIV><SPAN lang=EN-GB
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-ansi-language: EN-GB; mso-fareast-font-family: 'Times New Roman'; mso-fareast-language: ES; mso-bidi-language: AR-SA"><FONT
face=Arial size=2></FONT></SPAN> </DIV></BODY></HTML>