Iptables help for novice.

[Kai-india]

Hi,

I have a Fedora Core 5 box with two NIC's in it. The services running on it are Squid (port 3128) and SAMBA to provide NTLM authentication for users on a Windows 2003 AD setup. I know all of the platform information has nothing to do with iptables but maybe it will help you understand my problem better.

Ok, now at the moment everything is working fine. Currently iptables is configured to forward all packets destined for eth1 to eth0.

I used the following iptables syntax to get this working (also enabled forwarding in sysctl.conf)

iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT

I also have NAT setup on POSTROUTING on the eth0 interface.

Now I have been told and have read online that transparent proxying and NTLM do not work well together. I am fine with that.

What i want to accomplish is any client machine on the eth1 side that does not have proxy settings entered should not be able to surf the internet. That is, if a client makes a request on port 80 on eth1 then the linux box should drop/reject that request. But if same the client had proxy settings enabled, then the request for a webpage would go through port 3128.

Is this possible?? will this work? I have been experimenting with different iptables rules and no success. I feel this should be simple to accomplish.

Can someone please tell me the exact iptables syntax for dropping all requests for port 80 on eth1. Please remember a forwarding rule is in effect for eth1 to forward to eth0. Any help would be greatly appreciated.

[nick.stumpos]

I have personally never used it, but firestarter is a gui for iptable, maybe it will make this task easier for you

[Kai-india]

thanks for that. will try that. I would still like to hear any other suggestions people have too.