[K12OSN] Help with iptables

Brian Chivers brian at portsmouth-college.ac.uk
Thu Dec 11 08:55:15 UTC 2008


Almquist Burke wrote:
> On Dec 9, 2008, at 9:44 AM, Brian Chivers wrote:
> 
>> I'm having some problems with our iptables on our K12LTSP EL5 box. 
>> What I'd like to do is force all traffic through our proxy EXCEPT 
>> local 192.168 & DMZ 172.16 traffic.
>>
>> I've copied the notes on the Wiki and that works except the local / 
>> DMZ traffic still goes via the proxy. I've added 
>> .portsmouth-college.ac.uk to the proxy bypass but this causes the 
>> machines to be stopped going to local addresses. I think it's the NAT 
>> section that is the problem.
>>
>> Any ideas ??
>>
>> Thanks
>> Brian
>>
> 
> It would help if we knew what kind of setup you have on the network, and 
> where your proxy is running in relation to all of this.

I'll try and draw an ASCII diagram, try being the word :-)

Thinclients 10.0.0.x
         |
         |
      Server 10.0.0.1
             192.168.0.100
         |
         |
      MAIN NETWORK (All servers on 192.168.0.x/16 - Proxy 192.168.0.80:8080)
         |
         |
      Firewall (Green Network - 192.168.0.2)
               (Orange DMZ - 172.16.0.x)
               (Red - 212.219.x.x)
         |
         |
       CISCO to Internet

What I don't want is for the thinclients to be able to access the internet WITHOUT the proxy, but I'd 
like them to be able to access the DMZ machines without using the proxy.

Thanks
Brian

------------------------------------------------------------------------------------------------
    The views expressed here are my own and not necessarily
 
                the views of Portsmouth College    
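
An added example, not part of the original message or of the wiki notes it mentions: one way to express the policy described above on the LTSP server, by allowing only local and DMZ destinations and rejecting direct internet connections, so the proxy at 192.168.0.80:8080 is the only way out. The /24 masks, the interface name `eth0` and the names `rule` and `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the LTSP server.
# Addresses are taken from the diagram; the masks marked "assumed" and the
# interface name are assumptions to adjust for the real network.
CLIENT_NET="10.0.0.0/24"     # thin clients (mask assumed)
LOCAL_NET="192.168.0.0/16"   # main network, contains proxy 192.168.0.80:8080
DMZ_NET="172.16.0.0/24"      # orange DMZ (mask assumed)
LAN_IF="eth0"                # server NIC on 192.168.0.100 (name assumed)

rule() { printf '%s\n' "$*"; }

gen_rules() {
    rule "*nat"
    rule ":PREROUTING ACCEPT [0:0]"
    rule ":POSTROUTING ACCEPT [0:0]"
    rule ":OUTPUT ACCEPT [0:0]"
    # Only source NAT so replies find their way back to the thin clients.
    # No REDIRECT/DNAT rule: nothing is rewritten towards the proxy, so
    # local and DMZ connections go straight to their destination.
    rule "-A POSTROUTING -s $CLIENT_NET -o $LAN_IF -j MASQUERADE"
    rule "COMMIT"
    rule "*filter"
    rule ":INPUT ACCEPT [0:0]"
    rule ":FORWARD ACCEPT [0:0]"
    rule ":OUTPUT ACCEPT [0:0]"
    # FORWARD covers packets routed for the thin clients; OUTPUT covers
    # desktop sessions that run on the server itself.
    for chain in FORWARD OUTPUT; do
        rule "-A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
        for dst in 127.0.0.0/8 "$CLIENT_NET" "$LOCAL_NET" "$DMZ_NET"; do
            rule "-A $chain -d $dst -j ACCEPT"
        done
        # Everything else would be a direct internet connection. Refusing
        # it leaves the proxy, which is inside LOCAL_NET, as the only exit.
        rule "-A $chain -j REJECT --reject-with icmp-host-prohibited"
    done
    rule "COMMIT"
}

gen_rules
```

Review the output before piping it to `iptables-restore`, which replaces the existing nat and filter tables. Browsers still need the proxy configured, with the local and DMZ addresses in the bypass list.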