Okay dokey - my brain has switched off for the weekend, and this problemette is beginning to drive me nuts. I want to close a range of ports including 3128 (which is Squid) to the outside world. I would have thought that to do so would involve issuing the command:-
ipchains -A input -j REJECT -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 3128
but it don't work. The machine itself is NATted through a Cisco 1600 series router (the router itself is on a 192.168.1.x address). Does anybody have any suggestions on how to go about doing so? The current ipchains table has been reproduced below as a guide.
Chain input (policy DENY):
target     prot opt     source           destination   ports
ACCEPT     all  ------  192.168.0.0/24   anywhere      n/a
ACCEPT     tcp  ------  anywhere         anywhere      any -> 1025:65535
ACCEPT     udp  ------  anywhere         anywhere      any -> 1025:65535
ACCEPT     tcp  ------  anywhere         anywhere      any -> ssh
ACCEPT     icmp ------  anywhere         anywhere      any -> any
ACCEPT     all  ------  127.0.0.0/8      anywhere      n/a
ACCEPT     tcp  ------  anywhere         anywhere      any -> auth
Chain forward (policy ACCEPT):
target     prot opt     source           destination   ports
MASQ       all  ------  192.168.0.0/24   anywhere      n/a
Free pints of beers (note the plural) to anybody who manages to resolve this one :)
Regards,
Martyn