
Re: [K12OSN] conversion from ipchains to iptables



Try port '3128'. That is the standard port number.

Andy Hall wrote:
Good morning!

I've updated our firewall to RH 7.2 and now I want to convert from ipchains to iptables so some users can use FTP in some applications - won't work in ipchains because of NAT. I'm having trouble getting our transparent redirect to work correctly and thought someone might be able to help?

Here's what I have for basic rules I'm working with right now:

############################
#eth0 == private side (10.x.x.x)
#eth1 == public side (204.x.x.x)

iptables -P INPUT DROP
iptables -A INPUT -s 10.x.x.0/24 -j ACCEPT
iptables -A INPUT -s 204.x.x.0/24 -j ACCEPT
iptables -A OUTPUT -d 10.x.x.0/24 -j ACCEPT
iptables -A OUTPUT -d 204.x.x.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -d ! 10.x.x.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 REDIRECT --to-port 3218


#At this point I need to load the mod. so FTP will work with iptables.
###################
This all seems good till it comes to that last line with the REDIRECT. That doesn't want to work, and so everyone gets around the squid/squidguard box.


Thanks for any and all help!

Andy

Andy Hall, Technology Director
Wellington-Napoleon R-9 School District
Wellington, MO  64097
(816)240-2621; fax (816)934-8649




_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://listman.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>



--
John King
Multnomah ESD
11611 NE Ainsworth Circle
Portland, Oregon 97220
Phone: 503-257-1542  FAX: 503-257-1538
mailto: jking mesd k12 or us
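
Added example, not part of either message in this thread: a small shell lint for a transparent-proxy REDIRECT rule, run over the rule as quoted above and over a corrected form. It assumes eth0 is the private side (as the quoted comments state) and that Squid listens on 3128; `lint_redirect_rule`, `LAN_IF`, `PROXY_PORT`, `QUOTED` and `FIXED` are hypothetical names, and the script only inspects text, it does not call iptables.

```shell
#!/bin/sh
# Added example: lint a transparent-proxy REDIRECT rule before loading it.
# Assumptions: eth0 is the private LAN side (per the quoted comments) and
# Squid listens on 3128, its default http_port.
LAN_IF="eth0"
PROXY_PORT="3128"

# Print one finding per line for the rule passed as $1; print nothing if clean.
lint_redirect_rule() {
    rule=" $1 "   # pad with spaces so every token can be matched as " token "
    # A target only takes effect when it is introduced by -j / --jump.
    case "$rule" in
        *" -j REDIRECT "*|*" --jump REDIRECT "*) ;;
        *" REDIRECT "*) echo "target REDIRECT is not preceded by -j" ;;
        *) echo "rule has no REDIRECT target" ;;
    esac
    # REDIRECT is only valid in the nat table.
    case "$rule" in
        *" -t nat "*) ;;
        *) echo "rule is not in the nat table" ;;
    esac
    # Client traffic arrives on the LAN interface, so -i must match it.
    case "$rule" in
        *" -i $LAN_IF "*) ;;
        *" -i "*) echo "-i does not match LAN interface $LAN_IF" ;;
        *) echo "no -i given: rule matches every interface" ;;
    esac
    # The redirect port must be the port the proxy actually listens on.
    case "$rule" in
        *" --to-port $PROXY_PORT "*|*" --to-ports $PROXY_PORT "*) ;;
        *) echo "--to-port is not the proxy port $PROXY_PORT" ;;
    esac
}

# Constructed inputs: the rule as quoted in the thread, and a corrected form.
QUOTED='iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 REDIRECT --to-port 3218'
FIXED='iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128'

echo "quoted rule:";    lint_redirect_rule "$QUOTED" | sed 's/^/  - /'
echo "corrected rule:"; lint_redirect_rule "$FIXED"  | sed 's/^/  - /'
```

Until the REDIRECT rule matches traffic arriving on the LAN interface and points at the proxy's listening port, port-80 requests are simply masqueraded out and never reach squid/squidGuard.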





