On Fri, Dec 31, 2010 at 10:19 AM, Roland RoLaNd <r_o_l_a_n_d at hotmail.com> wrote:
> Secondly, I'm trying to set up a CentOS 5.4 box to act as:
>
> 1. firewall # can you check my config below and tell me if I missed anything?
> 2. DHCP # already configured
> 3. transparent squid proxy # already configured
> 4. http (virtual hosts) # in the near future
> 5. squirrelmail # in the near future
>
> - Relevant info:
>
> Two NICs:
>
> eth0 LAN: with dhcp service: 192.168.57.1 (255.255.255.0) # my LAN users are connected to this interface
> eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # my ISP is connected to this interface
>
> I want my firewall to do the following:
>
> 1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box and/or my LAN
> 2. allow my LAN users to access the internet/box without any restrictions, through a transparent squid installation

So you are only allowing http and https transparently through squid? The reason I ask is you only showed the firewall rules, not the nat table. Otherwise you need to set up NAT masquerading to allow other connections out.

Have you thought of virtualizing your firewall with a purpose-built distribution like Vyatta or pfSense? I have taken this approach with my setup. I find it makes updates easy and provides better uptime. I'm running everything on ESXi and have a handful of virtual machines.

- Vyatta Firewall
- CentOS 5.5 Web Server and MySQL
- CentOS 5.5 Zimbra Email
- CentOS 5.5 DHCP and DNS
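For reference, here is a complete nat + filter ruleset for the two-NIC setup described in the thread (eth0 = LAN 192.168.57.0/24, eth1 = WAN), covering the transparent redirect to squid and the NAT masquerading the reply says is missing. This is an added example and not either poster's configuration; it assumes squid is listening on port 3128 with the transparent option, which the thread does not state.

```shell
#!/bin/sh
# Added example (not from the thread): two-NIC CentOS gateway with transparent squid.
# Assumed: squid runs with "http_port 3128 transparent"; LAN on eth0, WAN on eth1.
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.57.0/24
SQUID_PORT=3128

# Emit the full ruleset in iptables-restore format (nat table first, then filter).
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web traffic is diverted to the local squid instead of leaving directly
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# Everything else from the LAN (DNS, mail, ssh, ...) leaves NATed behind the WAN address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP requests arrive with source 0.0.0.0, so they need their own rule
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
# The box's own services (squid, future http/mail) are reachable from the LAN only
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
# Forwarding: LAN -> WAN freely; WAN -> LAN only as replies to LAN-initiated flows
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Sanity check before loading: the pieces that let the LAN actually get out must be present.
check_rules() {
  gen_rules | grep -q -- '-j MASQUERADE' &&
  gen_rules | grep -q -- '-j REDIRECT --to-ports' &&
  gen_rules | grep -q '^:INPUT DROP' &&
  gen_rules | grep -q '^:FORWARD DROP'
}

# Load on the gateway (needs root): enable forwarding, then replace the live tables atomically.
apply_rules() {
  sysctl -w net.ipv4.ip_forward=1 &&
  gen_rules | iptables-restore
}
```

With a static WAN address, `-j SNAT --to-source 172.16.2.14` would do the same job as MASQUERADE with slightly less per-packet work; MASQUERADE is kept here because that is what the reply names.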