[K12OSN] Help with iptables
Brian Chivers
brian at portsmouth-college.ac.uk
Tue Dec 9 15:44:06 UTC 2008
I'm having some problems with our iptables on our K12LTSP EL5 box. What I'd like to do is force all
traffic through our proxy EXCEPT local 192.168 & DMZ 172.16 traffic.

I've copied the notes on the Wiki and that works except the local / DMZ traffic still goes via the
proxy. I've added .portsmouth-college.ac.uk to the proxy bypass but this causes the machines to be
stopped from going to local addresses. I think it's the NAT section that is the problem.

Any ideas?

Thanks
Brian

This is the dump of iptables I have:
# Generated by iptables-save v1.3.5 on Tue Dec 9 15:16:57 2008
*mangle
:PREROUTING ACCEPT [375588828:72798580212]
:INPUT ACCEPT [375588263:72798529543]
:FORWARD ACCEPT [288:17280]
:OUTPUT ACCEPT [599782127:692898036982]
:POSTROUTING ACCEPT [599782441:692898067655]
COMMIT
# Completed on Tue Dec 9 15:16:57 2008
# Generated by iptables-save v1.3.5 on Tue Dec 9 15:16:57 2008
*filter
:INPUT ACCEPT [375588263:72798529543]
:FORWARD ACCEPT [288:17280]
:OUTPUT ACCEPT [599782046:692898029854]
COMMIT
# Completed on Tue Dec 9 15:16:57 2008
# Generated by iptables-save v1.3.5 on Tue Dec 9 15:16:57 2008
*nat
:PREROUTING ACCEPT [3638527:670011055]
:POSTROUTING ACCEPT [2458078:165610024]
:OUTPUT ACCEPT [2454988:165424624]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
COMMIT
# Completed on Tue Dec 9 15:16:57 2008
------------------------------------------------------------------------------------------------
The views expressed here are my own and not necessarily
the views of Portsmouth College
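
Added example, not part of the original message: a nat table in the same iptables-save format that exempts local and DMZ destinations before the port 80 DNAT rules from the dump above. The /16 masks are assumptions read from "192.168" and "172.16" in the post, and the counters are reset to zero.

```iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rules in a chain are checked in order and the first terminating match wins,
# so the exemptions must sit above the DNAT rule.
# RETURN in a built-in chain falls through to the chain policy (ACCEPT),
# which leaves the packet's destination untouched.
# Assumed ranges: 192.168.0.0/16 (local) and 172.16.0.0/16 (DMZ).
-A PREROUTING -d 192.168.0.0/16 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -d 172.16.0.0/16 -p tcp -m tcp --dport 80 -j RETURN
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
# OUTPUT covers connections opened on this box itself (e.g. terminal-server sessions).
-A OUTPUT -d 192.168.0.0/16 -p tcp -m tcp --dport 80 -j RETURN
-A OUTPUT -d 172.16.0.0/16 -p tcp -m tcp --dport 80 -j RETURN
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
COMMIT
```

After loading this with iptables-restore, the per-rule packet counters shown by `iptables -t nat -L -n -v` indicate whether local and DMZ requests are hitting the RETURN rules rather than the DNAT rule.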