вообщем есть локалка(win) ходят в инет ч/з squid + надо еще забирать почту с yandex
а для настройки iptables пользовался arno-iptables-firewall
вопрос: какую строчку конфига нужно править для того чтоб почта пошла по NAT?
p.s. вот чот кажет iptables -L
root@ubuntu:/etc# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
MAC_FILTER 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
VALID_CHK 0 -- anywhere anywhere
EXT_INPUT_CHAIN !icmp -- anywhere anywhere state NEW
EXT_INPUT_CHAIN icmp -- anywhere anywhere state NEW limit: avg 20/sec burst 100
EXT_ICMP_CHAIN icmp -- anywhere anywhere state NEW
LAN_INPUT_CHAIN 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
DROP 0 -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
MAC_FILTER 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
VALID_CHK 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
LAN_INET_FORWARD_CHAIN 0 -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
LOG 0 -- anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
DROP 0 -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
LOG 0 -f anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
DROP 0 -f anywhere anywhere
EXT_OUTPUT_CHAIN 0 -- anywhere anywhere
Chain EXT_ICMP_CHAIN (1 references)
target prot opt source destination
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere icmp source-quench
DROP icmp -- anywhere anywhere icmp time-exceeded
DROP icmp -- anywhere anywhere icmp parameter-problem
LOG icmp -- anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
DROP icmp -- anywhere anywhere
Chain EXT_INPUT_CHAIN (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
LOG udp -- anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
DROP udp -- anywhere anywhere udp dpt:0
LOG tcp -- anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
LOG udp -- anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
DROP tcp -- anywhere anywhere tcp spt:0
DROP udp -- anywhere anywhere udp spt:0
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
LOG tcp -- anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG udp -- anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
LOG udp -- anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP icmp -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
DROP 0 -- anywhere anywhere
Chain EXT_OUTPUT_CHAIN (1 references)
target prot opt source destination
Chain HOST_BLOCK (2 references)
target prot opt source destination
Chain LAN_INET_FORWARD_CHAIN (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 20/sec burst 100
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT 0 -- anywhere anywhere
Chain LAN_INPUT_CHAIN (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 20/sec burst 100
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT 0 -- anywhere anywhere
Chain MAC_FILTER (2 references)
target prot opt source destination
Chain RESERVED_NET_CHK (0 references)
target prot opt source destination
LOG 0 -- 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
LOG 0 -- 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
LOG 0 -- 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
LOG 0 -- link-local/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
DROP 0 -- 10.0.0.0/8 anywhere
DROP 0 -- 172.16.0.0/12 anywhere
DROP 0 -- 192.168.0.0/16 anywhere
DROP 0 -- link-local/16 anywhere
Chain SPOOF_CHK (2 references)
target prot opt source destination
RETURN 0 -- 10.10.1.0/24 anywhere
LOG 0 -- 10.10.1.0/24 anywhere limit: avg 3/min burst 5 LOG level info prefix `Spoofed packet: '
DROP 0 -- 10.10.1.0/24 anywhere
RETURN 0 -- anywhere anywhere
Chain VALID_CHK (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
LOG tcp -- anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
DROP tcp -- anywhere anywhere tcp option=64
DROP tcp -- anywhere anywhere tcp option=128
DROP 0 -- anywhere anywhere state INVALID
LOG 0 -f anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
DROP 0 -f anywhere anywhere
root@ubuntu:/etc#