
Thread: Firewall stops access after minutes

  1. #1
    Junior Member (Join Date: Jan 2010, Posts: 11, Thanks: 0, Thanked 0 Times in 0 Posts, Rep Power: 0)

    Firewall stops access after minutes

    Hi All,

    I tried posting this in the proxy section with no responses; hoping the firewall section could help:

    I have a transparent proxy as per the "in 3 easy steps" page on this site. Trouble is that iptables refuses access after a few minutes (works fine, then stops), but iptables is still up and appears happy.

    Stop iptables and the clients can see the internet again.

    Here is my script:

    /etc/fw.proxy (which sets up the iptables rules)

    #!/bin/sh
    # squid server IP
    SQUID_SERVER="10.16.0.5"
    # Interface connected to Internet
    INTERNET="eth0"
    # Interface connected to LAN
    LAN_IN="eth1"
    # Squid port
    SQUID_PORT="3128"

    # DO NOT MODIFY BELOW
    # Clean old firewall
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Load IPTABLES modules for NAT and IP conntrack support
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    #modprobe ip_nat_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Setting default filter policy (FORWARD is left at its default of ACCEPT)
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    # Unlimited access to loop back
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    # Allow replies to connections this box opened (conntrack covers UDP, DNS and passive FTP);
    # nothing else arriving on $INTERNET is accepted by INPUT
    iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
    # set this system as a router for Rest of LAN
    iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
    iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
    # unlimited access to LAN
    iptables -A INPUT -i $LAN_IN -j ACCEPT
    iptables -A OUTPUT -o $LAN_IN -j ACCEPT
    # DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
    iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
    # if it is same system (new connections arriving on $INTERNET are still dropped by the INPUT rules below)
    iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    # DROP everything else and Log it (no --log-prefix, so the kernel log shows plain "IN=... OUT=..." records)
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    Appreciate any thoughts you may have.

  2. #2
    Senior Member (Join Date: Jun 2007, Location: Hyderabad, AP, India, Posts: 806, Thanks: 44, Thanked 55 Times in 48 Posts, Rep Power: 13)

    Can you post the logs from when it is stopping?
    Thanks,
    Surendra Kumar Anne
    Linux: Fast, friendly, flexible and .... free!
    Support Open source.
    http://www.linuxnix.com
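An added example, not code from either poster: a small POSIX shell helper that summarises what the script's final `iptables -A INPUT -j LOG` rule is recording, which is the information the reply asks for. The log lines are constructed in the kernel's LOG format; the hostname, addresses and the /var/log/messages path are assumptions.

```shell
#!/bin/sh
# Summarise what the final "iptables -A INPUT -j LOG" rule is recording.
# The rule has no --log-prefix, so match kernel lines on their "IN=" field.
# On a real box: grep 'kernel: IN=' /var/log/messages | summarize_drops
# (the log path is an assumption; it varies by distribution).

# Constructed sample lines in the kernel's LOG format; hostname, MACs and
# addresses are made up, not taken from the original post.
SAMPLE_LOG='Jan 28 10:01:02 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=39102 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Jan 28 10:01:03 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=0 DF PROTO=TCP SPT=3344 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 28 10:01:04 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.53 DST=192.0.2.10 LEN=124 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=53 DPT=46022 LEN=104
Jan 28 10:01:05 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=39102 WINDOW=5840 RES=0x00 ACK URGP=0'

# Read log lines on stdin; print "count in-interface proto dport", busiest first.
summarize_drops() {
  awk '/kernel: IN=/ {
         in_if = ""; proto = ""; dpt = ""
         for (i = 1; i <= NF; i++) {
           split($i, kv, "=")
           if (kv[1] == "IN") in_if = kv[2]
           else if (kv[1] == "PROTO") proto = kv[2]
           else if (kv[1] == "DPT") dpt = kv[2]
         }
         count[in_if " " proto " " dpt]++
       }
       END { for (k in count) print count[k], k }' | sort -rn
}

# Count logged packets that look like replies to connections this box opened
# (TCP from port 80/443, UDP from port 53). With the ruleset above these should
# have matched the ESTABLISHED,RELATED rule, so seeing them logged means the
# state match did not recognise them; that narrows where to look.
count_reply_drops() {
  grep -c -E 'PROTO=(TCP SPT=(80|443)|UDP SPT=53) ' || true
}

printf '%s\n' "$SAMPLE_LOG" | summarize_drops
printf '%s\n' "$SAMPLE_LOG" | count_reply_drops
```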
