Tim wrote:
On Thu, 2008-02-07 at 16:13 -0500, Joe Tseng wrote:
I have a test network set up where the internal network, proxy and
firewall are connected serially. I don't have IP forwarding enabled
on the proxy and currently I'm only able to ping up to the proxy's
external interface. Would anyone happen to know the iptables rules
needed to allow for me to ping past that point or is the answer to my
problem somewhere else?
More specific details would be needed about your setup.
Pinging is yet another type of traffic (ICMP, usually). It isn't
something that's going to be proxied like Squid proxies HTTP, FTP, and
few others. Start by looking at your firewall rules that deal with
ICMP, and your generic overall default rules.
The simple-minded way would be to set the box up to do generic
forwarding with NAT, but deny everything in iptables except what you
want to let through. (And if you want pings, you'll probably want
traceroute next...).
--
Les Mikesell
lesmikesell@xxxxxxxxx
