Hi,


I need your help with an internet gateway (firewall: iptables).
I entered the commands below, but I can't use my computer on the local
network to access the internet
(web browser + MSN).


My objectives:
1. Only the computer with IP 192.168.0.111 may use web + MSN
(no other connections allowed, such as FlashGet/GetRight/BitTorrent)
2. No other computers are permitted to use the internet at all


Can anyone help me?
Thank you very much,
Pratchaya


######################


My Network Diagram.


ADSL Router <===> { eth1::: My Server :::: eth0 <===> Local network (192.168.0.xx)


################## My command line ############################
/sbin/service iptables stop


iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128


iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 3128 -j ACCEPT


service iptables save
################## End My command line ############################


################## Result 1 ############################
[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination


Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:http
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:1863
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:https
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:squid


Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#


################## Result 2 ############################
[root@firewall ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128


Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere


Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#
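
Added example, not part of the original post: a simplified Python model of how a new connection from the LAN traverses the ruleset listed above, showing which chain decides each packet. It assumes every destination is an Internet host; the sample packets, the second LAN address 192.168.0.50 and the function names are constructed for illustration.

```python
# Simplified model of netfilter traversal for the ruleset posted above.
# Models only the first packet of a NEW connection from the LAN to an
# Internet host (assumption); conntrack state and reply traffic are ignored.
LAN_IF = "eth0"
ALLOWED_SRC = "192.168.0.111"
FORWARD_TCP_PORTS = {80, 1863, 443, 3128}  # the four FORWARD ACCEPT rules
SQUID_PORT = 3128

def trace(src, proto, dport, in_if=LAN_IF):
    """Return (chain, verdict, reason) for one new packet."""
    # nat PREROUTING: -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    if in_if == LAN_IF and proto == "tcp" and dport == 80:
        # REDIRECT rewrites the destination to the gateway itself, so routing
        # hands the packet to INPUT, not FORWARD. INPUT is policy ACCEPT with
        # no rules, so the source address is never checked on this path.
        return ("INPUT", "ACCEPT", f"redirected to local port {SQUID_PORT}")
    # All other traffic is routed through the box: filter FORWARD decides.
    if src == ALLOWED_SRC and proto == "tcp" and dport in FORWARD_TCP_PORTS:
        return ("FORWARD", "ACCEPT", f"-s {ALLOWED_SRC} --dport {dport}")
    return ("FORWARD", "DROP", "no rule matched, policy DROP")

# Constructed sample packets: (description, source, protocol, dest port)
SAMPLES = [
    ("allowed host, HTTP", "192.168.0.111", "tcp", 80),
    ("other host, HTTP", "192.168.0.50", "tcp", 80),
    ("allowed host, DNS query", "192.168.0.111", "udp", 53),
    ("allowed host, MSN", "192.168.0.111", "tcp", 1863),
    ("allowed host, HTTPS", "192.168.0.111", "tcp", 443),
    ("other host, HTTPS", "192.168.0.50", "tcp", 443),
]

def report(samples=SAMPLES):
    """Format one line per sample packet with the deciding chain and verdict."""
    lines = []
    for desc, src, proto, dport in samples:
        chain, verdict, reason = trace(src, proto, dport)
        lines.append(f"{desc:24} {src:14} {proto}/{dport:<5} {chain:8} {verdict:6} {reason}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

In this model the port-80 path never reaches FORWARD, so the 192.168.0.111 restriction does not apply to redirected web traffic at the packet-filter level, and forwarded DNS queries (udp/53) are dropped for every host.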