Article 52D08 iptables dns not working

by
sg_christian_sh
from LinuxQuestions.org on (#52D08)
Hi everyone (sorry if my English is wrong sometimes). I'm having some problems when running my iptables script: I can ping 8.8.8.8 and my LAN, but DNS is not working. Names can't be resolved, so my clients and I can't browse any website. (I'm a novice using iptables.) I've tried several solutions found around the internet but still can't browse any website (http/s).

I need to be able to browse websites and redirect the traffic from my clients to my Squid proxy server (port 3128).

My script is the following:

Hope someone here can help me. Thanks to all of you.

Code:
#!/bin/bash
#CHRISTIAN SOSA SCRIPT
echo -n APLICANDO REGLAS...

# INTERFACES
EXTERNA="enp0s3"
INTERNA="enp0s8"

# ROUTING
echo "1" > /proc/sys/net/ipv4/ip_forward

# DELETE PREVIOUS RULES
iptables -t filter -F
iptables -t nat -F

# DEFAULT POLICY (DROP)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# LOOPBACK
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# ALLOW TCP & UDP PROTOCOLS
iptables -t filter -A FORWARD -i $INTERNA -p tcp -m multiport --dports 53,80 -j ACCEPT
iptables -t filter -A FORWARD -i $INTERNA -p udp --dport 53 -j ACCEPT
iptables -t filter -A FORWARD -i $INTERNA -p tcp --dport 443 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# ALLOW NAT
iptables -t nat -A POSTROUTING -o $EXTERNA -j MASQUERADE

# FORCE CLIENTS TO USE THE PROXY
#iptables -t nat -A PREROUTING -i $INTERNA -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128

# SSH (PORT:22555).
iptables -t filter -A INPUT -i $INTERNA -p tcp --dport 22555 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --sport 22555 -m state --state ESTABLISHED,RELATED -j ACCEPT

# FTP
iptables -t filter -A INPUT -i $INTERNA -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A OUTPUT -o $INTERNA -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP
iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
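The filter rules from the script above can be checked offline with a small first-match evaluator; this is an added example, not part of the original post. It models only the match options the script uses, ignores the nat table, and takes the conntrack state of each constructed sample packet as a given label.

```python
# Added example: filter-table rules copied from the post ($EXTERNA=enp0s3, $INTERNA=enp0s8).
RULES = """
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A FORWARD -i enp0s8 -p tcp -m multiport --dports 53,80 -j ACCEPT
-A FORWARD -i enp0s8 -p udp --dport 53 -j ACCEPT
-A FORWARD -i enp0s8 -p tcp --dport 443 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i enp0s8 -p tcp --dport 22555 -j ACCEPT
-A OUTPUT -p tcp --sport 22555 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i enp0s8 -p tcp --dport 20:21 -j ACCEPT
-A OUTPUT -o enp0s8 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"""
ICMP = {"echo-request": "8", "echo-reply": "0"}
EXACT = {"-A": "chain", "-i": "iif", "-o": "oif", "-p": "proto"}  # option -> packet field

def port_ok(spec, port):  # spec is "53", "53,80" or "20:21"
    spans = (s.partition(":") for s in spec.split(","))
    return port is not None and any(int(lo) <= port <= int(hi or lo) for lo, _, hi in spans)

def matches(opt, val, p):
    if opt in EXACT:
        return val == p.get(EXACT[opt])
    if opt in ("--dport", "--dports", "--sport"):
        return port_ok(val, p.get("sport" if opt == "--sport" else "dport"))
    if opt == "--state":
        return p.get("state") in val.split(",")
    return ICMP.get(val, val) == p.get("icmp")  # --icmp-type

def verdict(p):
    for line in RULES.strip().splitlines():
        t = line.replace("-m multiport ", "").replace("-m state ", "").split()
        rule = dict(zip(t[0::2], t[1::2]))  # remaining tokens are option/value pairs
        target = rule.pop("-j")
        if all(matches(o, v, p) for o, v in rule.items()):
            return target
    return "DROP"  # no rule matched; the script sets -P DROP on all three chains

if __name__ == "__main__":  # constructed packets: the gateway's own ping and DNS query
    out = dict(chain="OUTPUT", oif="enp0s3", state="NEW")
    print("ping:", verdict({**out, "proto": "icmp", "icmp": "8"}))
    print("dns: ", verdict({**out, "proto": "udp", "dport": 53}))
```

Under this model a forwarded client query to UDP port 53 is accepted, while a query addressed to the gateway itself (INPUT, port 53) and a DNS reply arriving at the gateway (INPUT, state ESTABLISHED) both fall through to the DROP policy.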