Thread: Firewall stops access after minutes

  1. #1
    Junior Member
    Join Date
    Jan 2010

    Hi All,

    Tried posting this on the proxy section with no responses - hoping the firewall section could help:

    I have a transparent proxy as per the "in 3 easy steps" page on this site. Trouble is that iptables refuses access after a few minutes (works fine then stops) - but iptables is still up and appears happy.

    Stop iptables and the clients can see the internet again.

    Here is my script:

    /etc/fw.proxy (Which sets up the iptables)

    # squid server IP
    # Interface connected to Internet
    # Interface connected to LAN
    # Squid port

    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    #modprobe ip_nat_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow UDP, DNS and Passive FTP
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # DROP everything and Log it
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    Appreciate any thoughts you may have.

  2. #2
    Senior Member
    Join Date
    Jun 2007
    Hyderabad, AP, India

    Can you post the logs from when it is stopping?
    Surendra Kumar Anne
    Linux: Fast, friendly, flexible and .... free!
    Support Open source.
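
The script's last two rules log every packet that falls through INPUT before dropping it, and the reply asks for those logs. The following is an added example, not part of the thread: a small summarizer for the kernel LOG lines that groups them by inbound interface, protocol and destination port. The sample lines, the interface name eth0 and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what the script's final "iptables -A INPUT -j LOG"
# rule recorded, grouped by inbound interface, protocol and destination port.

# Constructed sample of kernel LOG lines (no --log-prefix, as in the script).
# Host name, interface name and addresses are made up for illustration.
sample_log() {
    cat <<'EOF'
Jan 27 14:01:02 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 14:01:05 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 14:01:07 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 27 14:01:08 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 27 14:01:09 gw squid[2211]: Squid Parent: child process 2213 started
EOF
}

# summarize_drops: read log lines on stdin and print "count iface proto dport",
# busiest flow first. Lines that are not netfilter LOG output are skipped;
# protocols without a destination port (e.g. ICMP) show "-" for the port.
summarize_drops() {
    awk '
    /(^| )IN=/ {
        in_if = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)    { v = substr($i, 4); if (v != "") in_if = v }
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        count[in_if " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_log | summarize_drops
```

On the gateway itself, feed it the kernel log instead of the sample, for example `dmesg | summarize_drops`, and compare the output from before and after access stops.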
