Squid config - simple, but it works, and satisfactorily so (comments welcome):
http_port 172.22.0.1:8080 transparent
http_port 172.22.0.1:3128
cache_swap_low 70
cache_swap_high 90
cache_store_log none
logfile_rotate 2
cache_mem 96 MB
maximum_object_size 8 MB
cache_dir aufs /proxy 10240 16 64
dns_nameservers 172.22.0.1 194.204.159.1 194.204.152.34
visible_hostname XXX
forwarded_for off
acl siec src 172.22.0.0/255.255.0.0
acl all src 0.0.0.0/0.0.0.0
acl local dstdomain XXX
acl localip dst "/etc/squid/ip.conf"
http_access allow siec
http_access deny all
no_cache deny local
no_cache deny localip
acl FTP proto FTP
always_direct allow FTP
always_direct allow local
always_direct allow localip
zph_tos_local 8
zph_tos_peer 0
zph_tos_parent off
cache_effective_user proxy
cache_effective_group proxy
client_netmask 255.255.0.0
cache_mgr XXX
error_directory /usr/local/squid/share/errors/Polish
Firewall on NND - the standard one, with the difference that the standard one masquerades everyone in bulk - I masquerade each client separately with a MAC filter, like this:
iptables -t nat -A POSTROUTING -s $2 -j MASQUERADE
iptables -A FORWARD -m mac --mac-source $3 -j ACCEPT
($2 - the client's IP, $3 - its MAC - because this is a script)
Some clients are assigned external IPs this way (and maybe this matters - the test machine has one):
ip addr add $4/29 brd 83.X.X.X dev eth1
iptables -t nat -I PREROUTING -s 0/0 -d $4 -j DNAT --to $2
iptables -t nat -I POSTROUTING -s $2 -d 0/0 -j SNAT --to $4
iptables -I FORWARD -d $4 -j ACCEPT
iptables -I FORWARD -s $2 -j ACCEPT
iptables -I FORWARD -d $2 -j ACCEPT
iptables -I INPUT -d $4 -j ACCEPT
(notation as above + $4 is the external address)
The above scripts are used on NND and on Debian.
Chain PREROUTING (policy ACCEPT 2721K packets, 207M bytes)
pkts bytes target prot opt in out source destination
582 39158 DNAT all -- * * 0.0.0.0/0 83.16.255.102 to:172.22.0.8
639 42568 DNAT all -- * * 0.0.0.0/0 83.16.255.100 to:172.22.0.2
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 to:172.22.1.3:10000
0 0 DNAT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000 to:172.22.1.3:10000
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10002 to:172.22.1.4:10002
0 0 DNAT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10002 to:172.22.1.4:10002
963 48876 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001 to:172.22.1.12:10001
4148 501K DNAT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10001 to:172.22.1.12:10001
Chain POSTROUTING (policy ACCEPT 1262K packets, 132M bytes)
pkts bytes target prot opt in out source destination
1925 104K SNAT all -- * * 172.22.0.8 0.0.0.0/0 to:83.16.255.102
6512 351K SNAT all -- * * 172.22.0.2 0.0.0.0/0 to:83.16.255.100
534 38786 MASQUERADE all -- * * 172.22.0.3 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.0.11 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.3 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.4 0.0.0.0/0
376 18138 MASQUERADE all -- * * 172.22.1.7 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.8 0.0.0.0/0
28 1332 MASQUERADE all -- * * 172.22.1.9 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.10 0.0.0.0/0
1 48 MASQUERADE all -- * * 172.22.1.12 0.0.0.0/0
3236 188K MASQUERADE all -- * * 172.22.0.35 0.0.0.0/0
105 5982 MASQUERADE all -- * * 172.22.0.17 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.5 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.6 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.0.23 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.0.24 0.0.0.0/0
815 44971 MASQUERADE all -- * * 172.22.0.5 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.0.9 0.0.0.0/0
0 0 MASQUERADE all -- * * 172.22.1.19 0.0.0.0/0
1600 77339 MASQUERADE all -- * * 172.22.1.20 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 390 packets, 26413 bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -L -nv from NND
Chain INPUT (policy DROP 1072 packets, 58575 bytes)
pkts bytes target prot opt in out source destination
4 356 ACCEPT all -- * * 0.0.0.0/0 83.16.255.102
1 126 ACCEPT all -- * * 0.0.0.0/0 83.16.255.100
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable
1 40 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1080 reject-with icmp-port-unreachable
22 1200 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:3128
16 2032 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
3301 313K ACCEPT all -- !eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 11 packets, 1562 bytes)
pkts bytes target prot opt in out source destination
7539 3641K ACCEPT all -- * * 0.0.0.0/0 172.22.0.8
7841 740K ACCEPT all -- * * 172.22.0.8 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 83.16.255.102
47812 29M ACCEPT all -- * * 0.0.0.0/0 172.22.0.2
63077 36M ACCEPT all -- * * 172.22.0.2 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 83.16.255.100
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445
253K 40M ACCEPT all -- !eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:06:5B:A7:1A:F2
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:60:08:60:5D:77
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0B:6B:49:91:5A
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:02:44:A5:55:28
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10002
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10002
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:06:4F:40:FC:AB
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:06:4F:41:00:6D
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:06:4F:40:FC:5E
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:08:54:03:03:D0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:0F:9F:57
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:16:17:71:52:09
969 49164 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001
5080 550K ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10001
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:02:44:4F:91:79
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:07:95:B3:86:89
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0D:87:6A:B1:2D
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:14:85:E2:5D:A7
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:30:4F:21:F8:30
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:30:4F:30:05:A2
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:50:FC:80:46:4E
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:8F:EF
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:8F:EF
344K 447M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 2100 packets, 524K bytes)
pkts bytes target prot opt in out source destination
iptables -L -nv from NND
Chain PREROUTING (policy ACCEPT 4962K packets, 420M bytes)
pkts bytes target prot opt in out source destination
54728 3480K DNAT 0 -- * * 0.0.0.0/0 83.14.61.150 to:172.22.22.22
240 11460 DNAT tcp -- * * 172.22.0.0/16 85.232.233.9 to:172.22.0.1:999
253 12072 DNAT tcp -- * * 172.22.0.0/16 85.232.233.8 to:172.22.0.1:999
6420 311K DNAT 0 -- * * 172.22.0.0/16 83.14.61.146 to:172.22.0.1
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10003 to:172.22.0.4:10003
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10003 to:172.22.0.4:10003
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10009 to:172.22.0.4:10009
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10009 to:172.22.0.4:10009
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10005 to:172.22.0.6:10005
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10005 to:172.22.0.6:10005
5 244 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10007 to:172.22.0.6:10007
12 516 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10007 to:172.22.0.6:10007
21 1068 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 to:172.22.0.10:10000
17 714 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000 to:172.22.0.10:10000
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10006 to:172.22.0.10:10006
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10006 to:172.22.0.10:10006
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10011 to:172.22.0.10:10011
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10011 to:172.22.0.10:10011
1 60 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10004 to:172.22.0.12:10004
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10004 to:172.22.0.12:10004
10206 532K DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10010 to:172.22.0.12:10010
2393 476K DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10010 to:172.22.0.12:10010
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10002 to:172.22.1.6:10002
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10002 to:172.22.1.6:10002
29 1440 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10012 to:172.22.0.26:10012
54 2892 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10012 to:172.22.0.26:10012
6207 308K DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10013 to:172.22.0.28:10013
31892 4604K DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10013 to:172.22.0.28:10013
136 6732 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10014 to:172.22.0.33:10014
619 114K DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10014 to:172.22.0.33:10014
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10015 to:172.22.0.33:10015
0 0 DNAT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10015 to:172.22.0.33:10015
Chain POSTROUTING (policy ACCEPT 200K packets, 19M bytes)
pkts bytes target prot opt in out source destination
17784 1377K SNAT 0 -- * * 172.22.22.22 0.0.0.0/0 to:83.14.61.150
3213 224K MASQUERADE 0 -- * * 172.22.22.1 0.0.0.0/0
463K 55M MASQUERADE 0 -- * * 172.22.0.4 0.0.0.0/0
0 0 MASQUERADE 0 -- * * 172.22.0.6 0.0.0.0/0
43407 2898K MASQUERADE 0 -- * * 172.22.0.7 0.0.0.0/0
21 1008 MASQUERADE 0 -- * * 172.22.22.2 0.0.0.0/0
1630 78408 MASQUERADE 0 -- * * 172.22.0.10 0.0.0.0/0
23333 1301K MASQUERADE 0 -- * * 172.22.0.12 0.0.0.0/0
47960 5397K MASQUERADE 0 -- * * 172.22.0.13 0.0.0.0/0
22523 1407K MASQUERADE 0 -- * * 172.22.0.15 0.0.0.0/0
196 12395 MASQUERADE 0 -- * * 172.22.0.16 0.0.0.0/0
31327 1893K MASQUERADE 0 -- * * 172.22.0.19 0.0.0.0/0
8685 626K MASQUERADE 0 -- * * 172.22.0.20 0.0.0.0/0
119K 11M MASQUERADE 0 -- * * 172.22.0.21 0.0.0.0/0
3682 304K MASQUERADE 0 -- * * 172.22.0.22 0.0.0.0/0
33761 1766K MASQUERADE 0 -- * * 172.22.1.15 0.0.0.0/0
514K 39M MASQUERADE 0 -- * * 172.22.1.17 0.0.0.0/0
6014 417K MASQUERADE 0 -- * * 172.22.0.25 0.0.0.0/0
15810 760K MASQUERADE 0 -- * * 172.22.0.26 0.0.0.0/0
144K 14M MASQUERADE 0 -- * * 172.22.0.27 0.0.0.0/0
41351 2712K MASQUERADE 0 -- * * 172.22.0.28 0.0.0.0/0
331K 30M MASQUERADE 0 -- * * 172.22.0.29 0.0.0.0/0
3109 151K MASQUERADE 0 -- * * 172.22.0.31 0.0.0.0/0
0 0 MASQUERADE 0 -- * * 172.22.0.32 0.0.0.0/0
24408 1177K MASQUERADE 0 -- * * 172.22.0.33 0.0.0.0/0
491K 24M MASQUERADE 0 -- * * 172.22.0.34 0.0.0.0/0
3677 217K MASQUERADE 0 -- * * 172.22.0.18 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 59585 packets, 5004K bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -L -nv from Debian
Chain INPUT (policy DROP 942K packets, 82M bytes)
pkts bytes target prot opt in out source destination
375 67302 ACCEPT 0 -- * * 0.0.0.0/0 83.14.61.150
16017 1519K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3999 240K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:14534
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.22.0.1 udp dpt:8767
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:8000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:8001
15224 2056K ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:8080
178K 27M ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:3128
15489 2330K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5269
6910 403K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:31518
12425 823K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:23073 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23073 state NEW
617 37493 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:411
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:53696
147 7180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
47428 3724K ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
12611 2872K ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
1091 52764 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
11544 603K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
12952 934K ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:999
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.22.0.1 tcp dpt:65535
0 0 ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:3979
25 775 ACCEPT udp -- * * 172.22.0.0/16 0.0.0.0/0 udp dpt:3979
0 0 ACCEPT tcp -- * * 172.22.0.0/16 0.0.0.0/0 tcp dpt:3450
0 0 ACCEPT udp -- * * 172.22.0.0/16 0.0.0.0/0 udp dpt:3450
605K 238M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 1310 packets, 76019 bytes)
pkts bytes target prot opt in out source destination
2469K 2386M ACCEPT 0 -- * * 0.0.0.0/0 172.22.22.22
1824K 351M ACCEPT 0 -- * * 172.22.22.22 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 83.14.61.150
64M 42G ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5443 373K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:30:4F:14:0A:19
487K 56M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0A:CD:04:C1:55
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10003
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10003
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10009
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10009
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:00:B4:C6:39:61
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10005
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10005
15 732 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10007
48 2108 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10007
48024 3232K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:A1:B0:00:15:4B
21 1008 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:03:47:7B:8C:92
1640 79028 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0B:6A:52:5B:5E
52 2604 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
64 2700 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10006
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10006
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10011
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10011
33823 2599K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:13:8F:6D:94:2A
4 240 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10004
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10004
10261 538K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10010
4599 912K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10010
54700 5795K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0B:6A:5F:33:20
31592 1971K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0B:6A:40:A2:7C
245 14479 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:04:61:53:A2:4A
58174 3438K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0D:87:A9:E2:B3
12261 1011K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0C:6E:09:1E:6F
138K 12M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:1A:4D:62:F9:7E
4364 399K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0E:2E:83:C7:6B
688K 48M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:92:FF
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:92:FF
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10002
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10002
6626 497K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:13:8F:5B:2C:47
17726 838K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:A1:B0:00:13:62
84 4168 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10012
155 7134 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10012
162K 15M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:13:20:41:C4:28
65616 6578K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0F:EA:1C:6A:01
16256 807K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10013
38811 5090K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10013
397K 33M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:13:D3:98:1A:09
3222 156K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0F:CB:AD:3C:11
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0F:CB:B2:B2:84
25226 1226K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0E:2E:CE:14:AC
136 6732 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10014
2383 444K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10014
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10015
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10015
1433K 69M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0F:EA:5A:7D:D3
3960 240K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:0F:EA:41:8B:5A
Chain OUTPUT (policy ACCEPT 32045 packets, 3091K bytes)
pkts bytes target prot opt in out source destination
20330 10M 0 -- * * 0.0.0.0/0 0.0.0.0/0 TOS match 0x08
940K 437M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
iptables -L -nv from Debian
This post should be deleted (or at least shortened - it wastes space in the database, and posts like this don't make searching any easier) once the problem is solved.
Oh - at the moment there are no rules for squid. The Internet has to work.
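
Added example, not part of the original post: a sketch of the per-client script described above that validates the IP and MAC arguments and matches both in the same FORWARD rule, plus a check over `iptables -L -nv` output for MAC rules that accept any source address or appear twice. The function names are hypothetical, and the script only prints rules and parses text; it does not run iptables.

```shell
#!/bin/sh
# Added example (hypothetical function names); it only prints and parses text
# and never calls iptables itself.

valid_ipv4() {
    case "$1" in *[!0-9.]*) return 1 ;; esac        # digits and dots only
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i == "" || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac  # hex digits and colons only
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the two per-client rules; the FORWARD rule matches IP and MAC together.
client_rules() {
    ip=$1 mac=$2
    valid_ipv4 "$ip" || { echo "bad client IP: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad client MAC: $mac" >&2; return 1; }
    echo "iptables -t nat -A POSTROUTING -s $ip -j MASQUERADE"
    echo "iptables -A FORWARD -s $ip -m mac --mac-source $mac -j ACCEPT"
}

# Read `iptables -L FORWARD -nv` output (column layout as in the listings above)
# and report MAC ACCEPT rules that match any source address or are repeated.
audit_mac_rules() {
    awk '$3 == "ACCEPT" && $10 == "MAC" {
             if ($8 == "0.0.0.0/0") print "unbound " $11
             if (seen[$11]++)       print "duplicate " $11
         }'
}

# Sample input: the first two lines are taken from the NND FORWARD listing in
# the post; the third is constructed to show a rule bound to a source address.
SAMPLE_FORWARD='    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:8F:EF
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:4F:62:13:8F:EF
   12   720 ACCEPT all -- * * 172.22.0.3 0.0.0.0/0 MAC 00:00:5E:00:53:01'

client_rules 172.22.0.3 00:00:5E:00:53:01
printf '%s\n' "$SAMPLE_FORWARD" | audit_mac_rules
```

The rules are printed rather than applied so they can be reviewed before being piped to a shell.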