LinuxMCE Forums
General => Users => Topic started by: rwilson131 on January 19, 2008, 10:00:11 pm
-
I am trying to add a firewall rule to forward ports to 8081 as described in http://wiki.linuxmce.org/index.php/Installing_Dansguardian
I do not think the firewall rules are being updated as the page states.
Here is the output of iptables -L before and after adding a new rule:
dcerouter_24050:/etc/dansguardian# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere MARK match 0x1
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT 0 -- 192.168.80.0/24 anywhere
ACCEPT udp -- anywhere anywhere udp dpt:iax
ACCEPT udp -- anywhere anywhere udp dpt:sip
ACCEPT udp -- anywhere anywhere udp dpt:2000
ACCEPT tcp -- anywhere anywhere tcp dpt:sieve
ACCEPT tcp -- anywhere anywhere tcp dpt:9001
ACCEPT tcp -- anywhere anywhere tcp dpt:9030
ACCEPT tcp -- anywhere anywhere tcp dpt:www
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
If I manually tell Firefox to use port 8081 at 192.168.80.1 then it correctly blocks unwanted sites.
Is anyone else seeing this, and if so, is there a simple way to get these to update? I even did a router reload, and although the firewall page has the new rule listed, it is not listed in the iptables -L output.
Thanks,
Rob
-
Use this command:
iptables -t nat -xvnL
to see NAT related firewall entries.
-
Here is the output requested, so it is getting loaded.
dcerouter_24050:~# iptables -t nat -xvnL
Chain PREROUTING (policy ACCEPT 40 packets, 2886 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.80.1:8081
Chain POSTROUTING (policy ACCEPT 6 packets, 480 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * eth0 192.168.80.0/24 !192.168.80.0/24
Chain OUTPUT (policy ACCEPT 6 packets, 480 bytes)
pkts bytes target prot opt in out source destination
My question is now, why did this same rule forward all outgoing browser requests to port 8081 in 704 and now it does not?
Is there another way to handle outgoing connections?
I would like to figure this one out.
Right now the workaround is to manually tell all browsers to use proxy 192.168.80.1:8081.
Thanks,
Rob
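-
Added example, not part of any post in this thread: a shell function that reads `iptables -t nat -xvnL` output and, for each PREROUTING DNAT rule, reports the in-interface, destination port, target, packet counter, and whether that in-interface is also a MASQUERADE out-interface. The sample listing is the one posted above; the function names and output labels are made up here, and treating the MASQUERADE out-interface as the outward-facing side is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -t nat -xvnL`
# output on stdin and prints one summary line per PREROUTING DNAT rule.
nat_dnat_report() {
    awk '
    /^Chain / { chain = $2; next }        # remember the current chain
    $1 == "pkts" || NF == 0 { next }      # skip column headers and blanks
    chain == "PREROUTING" && $3 == "DNAT" {
        n++; pkts[n] = $1; inif[n] = $6   # counter and in-interface columns
        dpt[n] = "-"; to[n] = "-"
        for (i = 10; i <= NF; i++) {      # match extensions follow column 9
            if ($i ~ /^dpt:/) dpt[n] = substr($i, 5)
            if ($i ~ /^to:/)  to[n]  = substr($i, 4)
        }
    }
    # Assumption: the MASQUERADE out-interface is the outward-facing one.
    chain == "POSTROUTING" && $3 == "MASQUERADE" { masq[$7] = 1 }
    END {
        for (k = 1; k <= n; k++) {
            side = (inif[k] in masq) ? "in-is-masq-out" : "in-not-masq-out"
            hit  = (pkts[k] + 0 > 0) ? "matched" : "never-matched"
            printf "%s dpt=%s to=%s pkts=%s %s %s\n", \
                inif[k], dpt[k], to[k], pkts[k], side, hit
        }
    }'
}

# Sample input: the nat table listing posted in the thread.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 40 packets, 2886 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.80.1:8081
Chain POSTROUTING (policy ACCEPT 6 packets, 480 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * eth0 192.168.80.0/24 !192.168.80.0/24
Chain OUTPUT (policy ACCEPT 6 packets, 480 bytes)
pkts bytes target prot opt in out source destination
EOF
}

sample_listing | nat_dnat_report
```

On the router itself, pipe the live listing in with `iptables -t nat -xvnL | nat_dnat_report`. A PREROUTING rule only matches packets that arrive on its listed in-interface, so the counter and the in-interface are the two fields to compare against where the browser traffic actually enters.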