Help with squid on CentOS 5.4

Hello, I have tried to configure squid and it cuts off the internet on the client machines, and the browser shows a message asking for a proxy. The problem is: how do I configure squid without a proxy, or at least without having to set a proxy in the browser of every client PC?

My LAN configuration is 10.1.1.1/255.0.0.0 on the server's LAN card; the clients are 10.1.1.2, 4, 5, 6, etc., subnet mask 255.0.0.0, gateway 10.1.1.1.

The configuration you want

Image of deathUser

The configuration you want is called a transparent proxy. If you search the web you will find many tutorials on the subject; specifically, there is a HOWTO by EPE in the forum about sharing internet with CentOS, and a lot of information about squid as a transparent proxy (there is not much to configure in squid for it to accept transparent proxy connections) ...

STFW...

bye
;)
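
A minimal sketch of the transparent-proxy setup the reply above refers to, added here as an example; it is not taken from the thread or from the HOWTO it mentions. It assumes Squid 2.6 (the series shipped with CentOS 5), Squid's default port 3128, `eth2` as the LAN interface and 10.1.1.0/24 as the client range (both as they appear in the firewall dump later on this page); the ACL name `lan` is hypothetical.

```conf
# --- /etc/squid/squid.conf (Squid 2.6; 3.1 and later use "intercept" instead of "transparent") ---
# Accept intercepted port-80 traffic, not only explicitly configured browsers.
http_port 3128 transparent

# Serve only the LAN clients; everything else is refused, so the proxy
# cannot be used as an open relay if it becomes reachable from outside.
acl lan src 10.1.1.0/24
http_access allow lan
http_access deny all

# --- *nat table, iptables-save format (e.g. /etc/sysconfig/iptables) ---
# Redirect only plain HTTP arriving on the LAN interface to Squid.
# Matching on -i eth2 and -s keeps traffic from other interfaces out of the proxy.
# HTTPS (443) and non-HTTP protocols are not redirected: they are not HTTP and
# still have to be allowed by the FORWARD chain and NAT as before.
-A PREROUTING -i eth2 -s 10.1.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
```

The redirected connections terminate on the gateway itself, so the INPUT chain must also accept TCP port 3128 from the LAN interface.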

Thanks for the info

Thanks for the info, I managed to set up the transparent proxy, but a problem came up: MSN got blocked for the whole network, and none of the machines can access MSN. Why, and what do I do to be able to access MSN?
This is what I get from

iptables-save


-A htb-gen.down-10.1.1.2 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b5b
-A htb-gen.down-10.1.1.2 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b5b
-A htb-gen.down-10.1.1.2 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b5b
-A htb-gen.down-10.1.1.2 -m mark --mark 0x0 -j MARK --set-mark 0x1b5c
-A htb-gen.down-10.1.1.2 -j ACCEPT
-A htb-gen.down-10.1.1.30 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b97
-A htb-gen.down-10.1.1.30 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b97
-A htb-gen.down-10.1.1.30 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b97
-A htb-gen.down-10.1.1.30 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b97
-A htb-gen.down-10.1.1.30 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b97
-A htb-gen.down-10.1.1.30 -m mark --mark 0x0 -j MARK --set-mark 0x1b98
-A htb-gen.down-10.1.1.30 -j ACCEPT
-A htb-gen.down-10.1.1.32 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b7f
-A htb-gen.down-10.1.1.32 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b7f
-A htb-gen.down-10.1.1.32 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b7f
-A htb-gen.down-10.1.1.32 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b7f
-A htb-gen.down-10.1.1.32 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b7f
-A htb-gen.down-10.1.1.32 -m mark --mark 0x0 -j MARK --set-mark 0x1b80
-A htb-gen.down-10.1.1.32 -j ACCEPT
-A htb-gen.down-10.1.1.35 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b9d
-A htb-gen.down-10.1.1.35 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b9d
-A htb-gen.down-10.1.1.35 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b9d
-A htb-gen.down-10.1.1.35 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b9d
-A htb-gen.down-10.1.1.35 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b9d
-A htb-gen.down-10.1.1.35 -m mark --mark 0x0 -j MARK --set-mark 0x1b9e
-A htb-gen.down-10.1.1.35 -j ACCEPT
-A htb-gen.down-10.1.1.38 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b67
-A htb-gen.down-10.1.1.38 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b67
-A htb-gen.down-10.1.1.38 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b67
-A htb-gen.down-10.1.1.38 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b67
-A htb-gen.down-10.1.1.38 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b67
-A htb-gen.down-10.1.1.38 -m mark --mark 0x0 -j MARK --set-mark 0x1b68
-A htb-gen.down-10.1.1.38 -j ACCEPT
-A htb-gen.down-10.1.1.42 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1ba9
-A htb-gen.down-10.1.1.42 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1ba9
-A htb-gen.down-10.1.1.42 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1ba9
-A htb-gen.down-10.1.1.42 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1ba9
-A htb-gen.down-10.1.1.42 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1ba9
-A htb-gen.down-10.1.1.42 -m mark --mark 0x0 -j MARK --set-mark 0x1baa
-A htb-gen.down-10.1.1.42 -j ACCEPT
-A htb-gen.down-10.1.1.47 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1ba3
-A htb-gen.down-10.1.1.47 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1ba3
-A htb-gen.down-10.1.1.47 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1ba3
-A htb-gen.down-10.1.1.47 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1ba3
-A htb-gen.down-10.1.1.47 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1ba3
-A htb-gen.down-10.1.1.47 -m mark --mark 0x0 -j MARK --set-mark 0x1ba4
-A htb-gen.down-10.1.1.47 -j ACCEPT
-A htb-gen.down-10.1.1.5 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b85
-A htb-gen.down-10.1.1.5 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b85
-A htb-gen.down-10.1.1.5 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b85
-A htb-gen.down-10.1.1.5 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b85
-A htb-gen.down-10.1.1.5 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b85
-A htb-gen.down-10.1.1.5 -m mark --mark 0x0 -j MARK --set-mark 0x1b86
-A htb-gen.down-10.1.1.5 -j ACCEPT
-A htb-gen.down-10.1.1.54 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b6d
-A htb-gen.down-10.1.1.54 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b6d
-A htb-gen.down-10.1.1.54 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b6d
-A htb-gen.down-10.1.1.54 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b6d
-A htb-gen.down-10.1.1.54 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b6d
-A htb-gen.down-10.1.1.54 -m mark --mark 0x0 -j MARK --set-mark 0x1b6e
-A htb-gen.down-10.1.1.54 -j ACCEPT
-A htb-gen.down-10.1.1.57 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b79
-A htb-gen.down-10.1.1.57 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b79
-A htb-gen.down-10.1.1.57 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b79
-A htb-gen.down-10.1.1.57 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b79
-A htb-gen.down-10.1.1.57 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b79
-A htb-gen.down-10.1.1.57 -m mark --mark 0x0 -j MARK --set-mark 0x1b7a
-A htb-gen.down-10.1.1.57 -j ACCEPT
-A htb-gen.down-10.1.1.6 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b8b
-A htb-gen.down-10.1.1.6 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b8b
-A htb-gen.down-10.1.1.6 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b8b
-A htb-gen.down-10.1.1.6 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b8b
-A htb-gen.down-10.1.1.6 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b8b
-A htb-gen.down-10.1.1.6 -m mark --mark 0x0 -j MARK --set-mark 0x1b8c
-A htb-gen.down-10.1.1.6 -j ACCEPT
-A htb-gen.down-10.1.1.60 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b73
-A htb-gen.down-10.1.1.60 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b73
-A htb-gen.down-10.1.1.60 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b73
-A htb-gen.down-10.1.1.60 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b73
-A htb-gen.down-10.1.1.60 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b73
-A htb-gen.down-10.1.1.60 -m mark --mark 0x0 -j MARK --set-mark 0x1b74
-A htb-gen.down-10.1.1.60 -j ACCEPT
-A htb-gen.down-200.80.22.2 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1bbb
-A htb-gen.down-200.80.22.2 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1bbb
-A htb-gen.down-200.80.22.2 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1bbb
-A htb-gen.down-200.80.22.2 -p tcp -m mark --mark 0x0 -m multiport --sports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1bbb
-A htb-gen.down-200.80.22.2 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1bbb
-A htb-gen.down-200.80.22.2 -m mark --mark 0x0 -j MARK --set-mark 0x1bbc
-A htb-gen.down-200.80.22.2 -j ACCEPT
-A htb-gen.up -s 10.1.1.2 -j htb-gen.up-10.1.1.2
-A htb-gen.up -s 10.1.1.32 -j htb-gen.up-10.1.1.32
-A htb-gen.up -s 10.1.1.38 -j htb-gen.up-10.1.1.38
-A htb-gen.up -s 10.1.1.54 -j htb-gen.up-10.1.1.54
-A htb-gen.up -s 10.1.1.60 -j htb-gen.up-10.1.1.60
-A htb-gen.up -s 10.1.1.57 -j htb-gen.up-10.1.1.57
-A htb-gen.up -s 10.1.1.32 -j htb-gen.up-10.1.1.32
-A htb-gen.up -s 10.1.1.5 -j htb-gen.up-10.1.1.5
-A htb-gen.up -s 10.1.1.6 -j htb-gen.up-10.1.1.6
-A htb-gen.up -s 10.1.1.18 -j htb-gen.up-10.1.1.18
-A htb-gen.up -s 10.1.1.30 -j htb-gen.up-10.1.1.30
-A htb-gen.up -s 10.1.1.35 -j htb-gen.up-10.1.1.35
-A htb-gen.up -s 10.1.1.47 -j htb-gen.up-10.1.1.47
-A htb-gen.up -s 10.1.1.42 -j htb-gen.up-10.1.1.42
-A htb-gen.up -s 10.1.1.16 -j htb-gen.up-10.1.1.16
-A htb-gen.up -s 10.0.0.0/255.255.255.252 -j htb-gen.up-10.0.0.1/30
-A htb-gen.up -s 200.80.22.2 -j htb-gen.up-200.80.22.2
-A htb-gen.up-10.0.0.1/30 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1bb8
-A htb-gen.up-10.0.0.1/30 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1bb8
-A htb-gen.up-10.0.0.1/30 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1bb8
-A htb-gen.up-10.0.0.1/30 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1bb8
-A htb-gen.up-10.0.0.1/30 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1bb8
-A htb-gen.up-10.0.0.1/30 -m mark --mark 0x0 -j MARK --set-mark 0x1bb9
-A htb-gen.up-10.0.0.1/30 -j ACCEPT
-A htb-gen.up-10.1.1.16 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1bb2
-A htb-gen.up-10.1.1.16 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1bb2
-A htb-gen.up-10.1.1.16 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1bb2
-A htb-gen.up-10.1.1.16 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1bb2
-A htb-gen.up-10.1.1.16 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1bb2
-A htb-gen.up-10.1.1.16 -m mark --mark 0x0 -j MARK --set-mark 0x1bb3
-A htb-gen.up-10.1.1.16 -j ACCEPT
-A htb-gen.up-10.1.1.18 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b94
-A htb-gen.up-10.1.1.18 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b94
-A htb-gen.up-10.1.1.18 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b94
-A htb-gen.up-10.1.1.18 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b94
-A htb-gen.up-10.1.1.18 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b94
-A htb-gen.up-10.1.1.18 -m mark --mark 0x0 -j MARK --set-mark 0x1b95
-A htb-gen.up-10.1.1.18 -j ACCEPT
-A htb-gen.up-10.1.1.2 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b5e
-A htb-gen.up-10.1.1.2 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b5e
-A htb-gen.up-10.1.1.2 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b5e
-A htb-gen.up-10.1.1.2 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b5e
-A htb-gen.up-10.1.1.2 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b5e
-A htb-gen.up-10.1.1.2 -m mark --mark 0x0 -j MARK --set-mark 0x1b5f
-A htb-gen.up-10.1.1.2 -j ACCEPT
-A htb-gen.up-10.1.1.30 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b9a
-A htb-gen.up-10.1.1.30 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b9a
-A htb-gen.up-10.1.1.30 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b9a
-A htb-gen.up-10.1.1.30 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b9a
-A htb-gen.up-10.1.1.30 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b9a
-A htb-gen.up-10.1.1.30 -m mark --mark 0x0 -j MARK --set-mark 0x1b9b
-A htb-gen.up-10.1.1.30 -j ACCEPT
-A htb-gen.up-10.1.1.32 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b82
-A htb-gen.up-10.1.1.32 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b82
-A htb-gen.up-10.1.1.32 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b82
-A htb-gen.up-10.1.1.32 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b82
-A htb-gen.up-10.1.1.32 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b82
-A htb-gen.up-10.1.1.32 -m mark --mark 0x0 -j MARK --set-mark 0x1b83
-A htb-gen.up-10.1.1.32 -j ACCEPT
-A htb-gen.up-10.1.1.35 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1ba0
-A htb-gen.up-10.1.1.35 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1ba0
-A htb-gen.up-10.1.1.35 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1ba0
-A htb-gen.up-10.1.1.35 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1ba0
-A htb-gen.up-10.1.1.35 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1ba0
-A htb-gen.up-10.1.1.35 -m mark --mark 0x0 -j MARK --set-mark 0x1ba1
-A htb-gen.up-10.1.1.35 -j ACCEPT
-A htb-gen.up-10.1.1.38 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b6a
-A htb-gen.up-10.1.1.38 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b6a
-A htb-gen.up-10.1.1.38 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b6a
-A htb-gen.up-10.1.1.38 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b6a
-A htb-gen.up-10.1.1.38 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b6a
-A htb-gen.up-10.1.1.38 -m mark --mark 0x0 -j MARK --set-mark 0x1b6b
-A htb-gen.up-10.1.1.38 -j ACCEPT
-A htb-gen.up-10.1.1.42 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1bac
-A htb-gen.up-10.1.1.42 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1bac
-A htb-gen.up-10.1.1.42 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1bac
-A htb-gen.up-10.1.1.42 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1bac
-A htb-gen.up-10.1.1.42 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1bac
-A htb-gen.up-10.1.1.42 -m mark --mark 0x0 -j MARK --set-mark 0x1bad
-A htb-gen.up-10.1.1.42 -j ACCEPT
-A htb-gen.up-10.1.1.47 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1ba6
-A htb-gen.up-10.1.1.47 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1ba6
-A htb-gen.up-10.1.1.47 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1ba6
-A htb-gen.up-10.1.1.47 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1ba6
-A htb-gen.up-10.1.1.47 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1ba6
-A htb-gen.up-10.1.1.47 -m mark --mark 0x0 -j MARK --set-mark 0x1ba7
-A htb-gen.up-10.1.1.47 -j ACCEPT
-A htb-gen.up-10.1.1.5 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b88
-A htb-gen.up-10.1.1.5 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b88
-A htb-gen.up-10.1.1.5 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b88
-A htb-gen.up-10.1.1.5 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b88
-A htb-gen.up-10.1.1.5 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b88
-A htb-gen.up-10.1.1.5 -m mark --mark 0x0 -j MARK --set-mark 0x1b89
-A htb-gen.up-10.1.1.5 -j ACCEPT
-A htb-gen.up-10.1.1.54 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b70
-A htb-gen.up-10.1.1.54 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b70
-A htb-gen.up-10.1.1.54 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b70
-A htb-gen.up-10.1.1.54 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b70
-A htb-gen.up-10.1.1.54 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b70
-A htb-gen.up-10.1.1.54 -m mark --mark 0x0 -j MARK --set-mark 0x1b71
-A htb-gen.up-10.1.1.54 -j ACCEPT
-A htb-gen.up-10.1.1.57 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b7c
-A htb-gen.up-10.1.1.57 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b7c
-A htb-gen.up-10.1.1.57 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b7c
-A htb-gen.up-10.1.1.57 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b7c
-A htb-gen.up-10.1.1.57 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b7c
-A htb-gen.up-10.1.1.57 -m mark --mark 0x0 -j MARK --set-mark 0x1b7d
-A htb-gen.up-10.1.1.57 -j ACCEPT
-A htb-gen.up-10.1.1.6 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b8e
-A htb-gen.up-10.1.1.6 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b8e
-A htb-gen.up-10.1.1.6 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b8e
-A htb-gen.up-10.1.1.6 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b8e
-A htb-gen.up-10.1.1.6 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b8e
-A htb-gen.up-10.1.1.6 -m mark --mark 0x0 -j MARK --set-mark 0x1b8f
-A htb-gen.up-10.1.1.6 -j ACCEPT
-A htb-gen.up-10.1.1.60 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1b76
-A htb-gen.up-10.1.1.60 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1b76
-A htb-gen.up-10.1.1.60 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1b76
-A htb-gen.up-10.1.1.60 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1b76
-A htb-gen.up-10.1.1.60 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1b76
-A htb-gen.up-10.1.1.60 -m mark --mark 0x0 -j MARK --set-mark 0x1b77
-A htb-gen.up-10.1.1.60 -j ACCEPT
-A htb-gen.up-200.80.22.2 -m mark --mark 0x0 -m length --length 0:100 -j MARK --set-mark 0x1bbe
-A htb-gen.up-200.80.22.2 -p udp -m mark --mark 0x0 -j MARK --set-mark 0x1bbe
-A htb-gen.up-200.80.22.2 -p icmp -m mark --mark 0x0 -j MARK --set-mark 0x1bbe
-A htb-gen.up-200.80.22.2 -p tcp -m mark --mark 0x0 -m multiport --dports 20,21,22,25,80,8080,110,143,443,465,993,995,1863,1864,3389 -j MARK --set-mark 0x1bbe
-A htb-gen.up-200.80.22.2 -m mark --mark 0x0 -m helper --helper "ftp" -j MARK --set-mark 0x1bbe
-A htb-gen.up-200.80.22.2 -m mark --mark 0x0 -j MARK --set-mark 0x1bbf
-A htb-gen.up-200.80.22.2 -j ACCEPT
COMMIT
# Completed on Tue Apr 27 23:44:51 2010
# Generated by iptables-save v1.3.5 on Tue Apr 27 23:44:51 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DMZ_INET_FORWARD_CHAIN - [0:0]
:DMZ_INPUT_CHAIN - [0:0]
:DMZ_LAN_FORWARD_CHAIN - [0:0]
:EXT_ICMP_FLOOD_CHAIN - [0:0]
:EXT_INPUT_CHAIN - [0:0]
:EXT_OUTPUT_CHAIN - [0:0]
:HOST_BLOCK - [0:0]
:INET_DMZ_FORWARD_CHAIN - [0:0]
:LAN_INET_FORWARD_CHAIN - [0:0]
:LAN_INPUT_CHAIN - [0:0]
:MAC_FILTER - [0:0]
:RESERVED_NET_CHK - [0:0]
:SPOOF_CHK - [0:0]
:UPNP_FORWARD - [0:0]
:VALID_CHK - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -j HOST_BLOCK
-A INPUT -i eth2 -j MAC_FILTER
-A INPUT -j SPOOF_CHK
-A INPUT -i eth0 -j VALID_CHK
-A INPUT -i eth0 -p ! icmp -m state --state NEW -j EXT_INPUT_CHAIN
-A INPUT -i eth0 -p icmp -m state --state NEW -m limit --limit 60/sec --limit-burst 100 -j EXT_INPUT_CHAIN
-A INPUT -i eth0 -p icmp -m state --state NEW -j EXT_ICMP_FLOOD_CHAIN
-A INPUT -i eth2 -j LAN_INPUT_CHAIN
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "Dropped INPUT packet: " --log-level 6
-A INPUT -j DROP
-A FORWARD -i lo -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT
-A FORWARD -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT
-A FORWARD -p icmp -m state --state RELATED -j ACCEPT
-A FORWARD -j HOST_BLOCK
-A FORWARD -i eth2 -j MAC_FILTER
-A FORWARD -i eth0 -o ! eth0 -j UPNP_FORWARD
-A FORWARD -j SPOOF_CHK
-A FORWARD -i eth0 -j VALID_CHK
-A FORWARD -i eth2 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j LAN_INET_FORWARD_CHAIN
-A FORWARD -m limit --limit 1/min --limit-burst 3 -j LOG --log-prefix "Dropped FORWARD packet: " --log-level 6
-A FORWARD -j DROP
-A OUTPUT -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -j HOST_BLOCK
-A OUTPUT -f -m limit --limit 3/min -j LOG --log-prefix "FRAGMENTED PACKET (OUT): " --log-level 6
-A OUTPUT -f -j DROP
-A OUTPUT -o eth0 -j EXT_OUTPUT_CHAIN
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-request(ping) flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 3 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-unreachable flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 3 -j DROP
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 4 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-source-quench flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 4 -j DROP
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 11 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-time-exceeded flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 11 -j DROP
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 12 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-param.-problem flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 12 -j DROP
-A EXT_ICMP_FLOOD_CHAIN -p icmp -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP(other) flood: " --log-level 6
-A EXT_ICMP_FLOOD_CHAIN -p icmp -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "TCP port 0 OS fingerprint: " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "UDP port 0 OS fingerprint: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -j DROP
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "TCP source port 0: " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "UDP source port 0: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -j DROP
-A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -j DROP
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 3 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-unreachable: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 4 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-source-quench: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 11 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-time-exceeded: " --log-level 6
-A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 12 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "ICMP-param.-problem: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 1024:65535 ! --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth scan (UNPRIV)?: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0:1023 ! --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth scan (PRIV)?: " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (PRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (PRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -m tcp --dport 1024:65535 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (UNPRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p udp -m udp --dport 1024:65535 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "Connection attempt (UNPRIV): " --log-level 6
-A EXT_INPUT_CHAIN -p tcp -j DROP
-A EXT_INPUT_CHAIN -p udp -j DROP
-A EXT_INPUT_CHAIN -p icmp -j DROP
-A EXT_INPUT_CHAIN -m limit --limit 1/min -j LOG --log-prefix "Other-IP connection attempt: " --log-level 6
-A EXT_INPUT_CHAIN -j DROP
-A EXT_OUTPUT_CHAIN -j ACCEPT
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A LAN_INET_FORWARD_CHAIN -j ACCEPT
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "ICMP-request: " --log-level 6
-A LAN_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP
-A LAN_INPUT_CHAIN -j ACCEPT
-A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class A address: " --log-level 6
-A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class B address: " --log-level 6
-A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class C address: " --log-level 6
-A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class M$ address: " --log-level 6
-A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -j DROP
-A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -j DROP
-A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -j DROP
-A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -j DROP
-A SPOOF_CHK -s 10.1.1.0/255.255.255.0 -i eth2 -j RETURN
-A SPOOF_CHK -s 10.1.1.0/255.255.255.0 -m limit --limit 3/min -j LOG --log-prefix "Spoofed packet: " --log-level 6
-A SPOOF_CHK -s 10.1.1.0/255.255.255.0 -j DROP
-A SPOOF_CHK -j RETURN
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-PSH scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "Stealth XMAS-ALL scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 3/min -j LOG --log-prefix "Stealth FIN scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/RST scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min -j LOG --log-prefix "Stealth SYN/FIN scan(?): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min -j LOG --log-prefix "Stealth Null scan: " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-option 64 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Bad TCP flag(64): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-option 128 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Bad TCP flag(128): " --log-level 6
-A VALID_CHK -p tcp -m tcp --tcp-option 64 -j DROP
-A VALID_CHK -p tcp -m tcp --tcp-option 128 -j DROP
-A VALID_CHK -m state --state INVALID -j DROP
-A VALID_CHK -f -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "Fragmented packet: "
-A VALID_CHK -f -j DROP
COMMIT
# Completed on Tue Apr 27 23:44:51 2010

and this is what I get from
iptables -L -v


[root@www ~]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
24298 25M ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
605 58871 HOST_BLOCK all -- any any anywhere anywhere
280 33240 MAC_FILTER all -- eth2 any anywhere anywhere
605 58871 SPOOF_CHK all -- any any anywhere anywhere
325 25631 VALID_CHK all -- eth0 any anywhere anywhere
98 16379 EXT_INPUT_CHAIN !icmp -- eth0 any anywhere anywhere state NEW
7 448 EXT_INPUT_CHAIN icmp -- eth0 any anywhere anywhere state NEW limit: avg 60/sec burst 100
0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 any anywhere anywhere state NEW
280 33240 LAN_INPUT_CHAIN all -- eth2 any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
0 0 DROP all -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
458 21984 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
35796 29M ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
4 704 ACCEPT icmp -- any any anywhere anywhere state RELATED
1104 63474 HOST_BLOCK all -- any any anywhere anywhere
1104 63474 MAC_FILTER all -- eth2 any anywhere anywhere
0 0 UPNP_FORWARD all -- eth0 !eth0 anywhere anywhere
1104 63474 SPOOF_CHK all -- any any anywhere anywhere
0 0 VALID_CHK all -- eth0 any anywhere anywhere
0 0 ACCEPT all -- eth2 eth2 anywhere anywhere
1104 63474 LAN_INET_FORWARD_CHAIN all -- eth2 eth0 anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
0 0 DROP all -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1074 64440 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
19118 3130K ACCEPT all -- any any anywhere anywhere state ESTABLISHED
2523 165K HOST_BLOCK all -- any any anywhere anywhere
0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
0 0 DROP all -f any any anywhere anywhere
2523 165K EXT_OUTPUT_CHAIN all -- any eth0 anywhere anywhere

Chain DMZ_INET_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_INPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain DMZ_LAN_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain EXT_ICMP_FLOOD_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 LOG icmp -- any any anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp source-quench
0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp time-exceeded
0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp parameter-problem
0 0 LOG icmp -- any any anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
0 0 DROP icmp -- any any anywhere anywhere

Chain EXT_INPUT_CHAIN (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- any any anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
0 0 LOG udp -- any any anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:0
0 0 DROP udp -- any any anywhere anywhere udp dpt:0
0 0 LOG tcp -- any any anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
0 0 LOG udp -- any any anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
0 0 DROP tcp -- any any anywhere anywhere tcp spt:0
0 0 DROP udp -- any any anywhere anywhere udp spt:0
7 448 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
0 0 LOG icmp -- any any anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench: '
0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
0 0 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
0 0 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
0 0 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
57 3008 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
33 12907 LOG udp -- any any anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
7 400 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
0 0 LOG udp -- any any anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
65 3472 DROP tcp -- any any anywhere anywhere
33 12907 DROP udp -- any any anywhere anywhere
7 448 DROP icmp -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
0 0 DROP all -- any any anywhere anywhere

Chain EXT_OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
2523 165K ACCEPT all -- any any anywhere anywhere

Chain HOST_BLOCK (3 references)
pkts bytes target prot opt in out source destination

Chain INET_DMZ_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination

Chain LAN_INET_FORWARD_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request limit: avg 20/sec burst 100
0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
1104 63474 ACCEPT all -- any any anywhere anywhere

Chain LAN_INPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
2 120 ACCEPT icmp -- any any anywhere anywhere icmp echo-request limit: avg 20/sec burst 100
0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
278 33120 ACCEPT all -- any any anywhere anywhere

Chain MAC_FILTER (2 references)
pkts bytes target prot opt in out source destination

Chain RESERVED_NET_CHK (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
0 0 LOG all -- any any 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
0 0 LOG all -- any any 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
0 0 LOG all -- any any 169.254.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
0 0 DROP all -- any any 10.0.0.0/8 anywhere
0 0 DROP all -- any any 172.16.0.0/12 anywhere
0 0 DROP all -- any any 192.168.0.0/16 anywhere
0 0 DROP all -- any any 169.254.0.0/16 anywhere

Chain SPOOF_CHK (2 references)
pkts bytes target prot opt in out source destination
1384 96714 RETURN all -- eth2 any 10.1.1.0/24 anywhere
0 0 LOG all -- any any 10.1.1.0/24 anywhere limit: avg 3/min burst 5 LOG level info prefix `Spoofed packet: '
0 0 DROP all -- any any 10.1.1.0/24 anywhere
325 25631 RETURN all -- any any anywhere anywhere

Chain UPNP_FORWARD (1 references)
pkts bytes target prot opt in out source destination

Chain VALID_CHK (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 DROP tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 LOG tcp -- any any anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
0 0 LOG tcp -- any any anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
0 0 DROP tcp -- any any anywhere anywhere tcp option=64
0 0 DROP tcp -- any any anywhere anywhere tcp option=128
220 8804 DROP all -- any any anywhere anywhere state INVALID
0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
0 0 DROP all -f any any anywhere anywhere

I have searched the internet and can't find anything. Somewhere it said something about drop 1863, but I don't know what that is, or where to put it, or anything.
Please, can someone help me?

"He who takes pride in his knowledge is as if blind in broad daylight."

I don't see a line for the

deathUser's picture

I don't see a line for the masquerade or NAT of the network, correct me if I'm wrong...

Add the NAT and it should connect, or have them use the proxy ;)

The drop on the port is for blocking it, not for enabling it.

bye
;)
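One way to check the two points in the reply above (a missing NAT rule, and a DROP on the MSN port 1863) against saved rules. This is an added example, not part of the original posts; the sample ruleset is constructed, and the interface roles (eth0 external, eth2 LAN) and Squid port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: audit iptables-save output for a NAT rule and a port block.
# Assumption: eth0 is the Internet-facing interface, as in the listing above.

# check_nat FILE WAN_IF: is there a MASQUERADE/SNAT rule leaving via WAN_IF?
check_nat() {
    awk -v wan="$2" '
        substr($0, 1, 1) == "*" { table = $1 }
        table == "*nat" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            out = ""
            for (i = 3; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "" || out == wan) found = 1
        }
        END { print (found ? "nat=present" : "nat=missing") }
    ' "$1"
}

# check_port_block FILE PORT: count filter rules that DROP/REJECT that
# destination port (port ranges such as 1000:2000 are not expanded).
check_port_block() {
    awk -v port="$2" '
        substr($0, 1, 1) == "*" { table = $1 }
        table == "*filter" && /-j (DROP|REJECT)/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), p, ",")
                for (k = 1; k <= n; k++) if (p[k] == port) { hits++; break }
            }
        }
        END { print "blocked=" (hits + 0) }
    ' "$1"
}

# Constructed sample ruleset (not taken from the thread).
make_sample_rules() {
    rules=$(mktemp)
    cat > "$rules" <<'EOF'
*nat
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
-A FORWARD -i eth2 -p tcp -m tcp --dport 1863 -j DROP
-A FORWARD -i eth2 -o eth0 -j ACCEPT
COMMIT
EOF
    echo "$rules"
}

sample=$(make_sample_rules)
check_nat "$sample" eth0
check_port_block "$sample" 1863
rm -f "$sample"
```

On the server itself, feed it the live rules with `iptables-save > /tmp/rules.txt` and pass that file to both functions.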

um, excuse my

Um, excuse my ignorance, but where do I put that NAT thing, or how would it go? I don't have the slightest idea where to put the network's NAT :?

"He who takes pride in his knowledge is as if blind in broad daylight."

hi, I went through the tutorial and

Hi, I went through the tutorial and it turns out I had blocked MSN there, but I have removed that entry and it works now, thanks. But I have a question, can you clear it up for me? When using Squid, it supposedly stores the web pages that the PCs on the network visit. So I figure that if a page is stored on my disk and I unplug the cable going out to the internet and visit a page I already visited before, I should be able to see it, because it is supposedly stored on disk, right? Or am I wrong? I think I am wrong, because I unplugged the internet cable from the server and could not even see Google any more, and it is supposedly already saved on disk, right??? Should I be able to see it??? Or how does it work? I don't understand.

If Squid doesn't do that, what does? Thanks in advance.

"He who takes pride in his knowledge is as if blind in broad daylight."

Well, you have already realized

deathUser's picture

Well, you have already realized that you are wrong; not entirely, but you are wrong...

Pages are indeed stored in the cache, until they fill the allotted space and the oldest or least used ones are deleted to reclaim the space...

How does it decide which pages to return from the cache...??? Well, first it checks whether the original page has changed compared with the one stored in the cache; if it has not changed, it returns the copy from the cache, and that way you save bandwidth. If you unplug the cable, it cannot do that check and obviously returns an error...

bye
;)
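The behaviour described in the reply above shows up in Squid's access log as result codes, so counting them tells you whether the cache is serving anything. This is an added example, not part of the original posts: the log lines are constructed, in Squid's native log format, and the code names are those used by Squid 2.x/3.x.

```shell
#!/bin/sh
# Added example: summarise Squid result codes from a native-format access.log.
# On a live server pass the real log (by default /var/log/squid/access.log).

# cache_summary FILE: field 4 of each line is "RESULT_CODE/HTTP_STATUS".
cache_summary() {
    awk '
        {
            split($4, r, "/"); code = r[1]
            if (code == "TCP_REFRESH_HIT" || code == "TCP_REFRESH_UNMODIFIED")
                reval++      # origin was asked, copy unchanged, cache served it
            else if (code ~ /HIT/)
                hit++        # answered from the cached copy
            else if (code ~ /MISS/ || code == "TCP_REFRESH_MODIFIED")
                miss++       # fetched from the origin server
            else
                other++      # for example TCP_DENIED
        }
        END {
            printf "hit=%d revalidated=%d miss=%d other=%d\n",
                   hit, reval, miss, other
        }
    ' "$1"
}

# Constructed sample log (clients from the 10.1.1.x LAN, documentation IPs).
make_sample_log() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
1262304000.101    210 10.1.1.2 TCP_MISS/200 15320 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1262304005.220      3 10.1.1.4 TCP_HIT/200 15328 GET http://example.com/ - NONE/- text/html
1262304010.412     95 10.1.1.5 TCP_REFRESH_HIT/200 15330 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1262304015.007      1 10.1.1.2 TCP_MEM_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1262304020.530    180 10.1.1.6 TCP_MISS/200 830 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1262304025.100      0 10.1.1.6 TCP_DENIED/403 1200 GET http://example.net/ - NONE/- text/html
EOF
    echo "$log"
}

demo_log=$(make_sample_log)
cache_summary "$demo_log"
rm -f "$demo_log"
```

A log with only misses after repeated visits to the same pages means nothing is being served from cache; a growing count of hits and revalidated entries means it is.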

and is there any way to

And is there any way to configure the CentOS server to work in offline mode, like Mozilla does? That is, you assign an amount of MB and then, even if there is no connection, it shows you the Google page, or if you typed an address and it is there, it shows it to you. Is it possible to do that?

And lastly, how can I tell whether Squid really is caching?
What command do I type in the console?
What should come out if it is working correctly?
And what comes out if it is NOT WORKING CORRECTLY??
Thanks in advance for answering.

"He who takes pride in his knowledge is as if blind in broad daylight."