[K12OSN] Help with iptables
James P. Kinney III
jkinney at localnetsolutions.com
Fri Dec 12 00:19:11 UTC 2008
On Thu, 2008-12-11 at 08:55 +0000, Brian Chivers wrote:
> I'll try and draw an ASCII diagram, try being the word :-)
>
> Thinclients 10.0.0.x
> |
> |
> Server 10.0.0.1
> 192.168.0.100
> |
> |
> MAIN NETWORK (All servers on 192.168.0.x/16 - Proxy 192.168.0.80:8080)
> |
> |
> Firewall (Green Network - 192.168.0.2)
> (Orange DMZ - 172.16.0.x)
> (Red - 212.219.x.x)
> |
> |
> CISCO to Internet
>
> What I don't want is for the thinclients to be able to access the internet WITHOUT the proxy, but I'd
> like them to be able to access the DMZ machines without using the proxy.
>
Ah! Now I see what you are doing!
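On the thin client server you need ALL web traffic NOT going to the DMZ
machine to go through the proxy:

# DNAT works only in the nat table's PREROUTING and OUTPUT chains (use OUTPUT
# for traffic generated on the server itself); --dports needs -m multiport
iptables -t nat -A PREROUTING ! -d 172.16.0.0/255.255.255.0 -p tcp \
  -m multiport --dports 80,443 -j DNAT --to-destination 192.168.0.80:8080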
--
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
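
Added example, not part of the original message and not the poster's code: a dry-run rule set for the layout in the diagram that redirects non-DMZ web traffic to the proxy and refuses any other routed path from the thin clients to the Internet. The function name proxy_rules, the IPT variable, the 10.0.0.0/24 client subnet and the FORWARD rules are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run by default: prints the commands. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

CLIENTS="10.0.0.0/24"        # thin-client subnet (assumed /24 from 10.0.0.x)
LAN="192.168.0.0/16"         # main network, from the diagram
DMZ="172.16.0.0/24"          # orange DMZ, mask from the reply
PROXY="192.168.0.80:8080"    # proxy, from the diagram
PORTS="80,443"               # ports named in the reply; 443 sent to a plain
                             # HTTP proxy port needs a TLS-intercepting proxy

proxy_rules() {
    # DNAT is only valid in the nat table's PREROUTING and OUTPUT chains:
    # PREROUTING catches packets routed in from the thin clients,
    # OUTPUT catches sessions that run on the server itself (LTSP).
    for chain in PREROUTING OUTPUT; do
        $IPT -t nat -A "$chain" ! -d "$DMZ" -p tcp \
            -m multiport --dports "$PORTS" \
            -j DNAT --to-destination "$PROXY" || return 1
    done
    # Routed client traffic may reach the DMZ and the LAN (proxy included);
    # anything else bound for the Internet is refused.
    $IPT -A FORWARD -s "$CLIENTS" -d "$DMZ" -j ACCEPT || return 1
    $IPT -A FORWARD -s "$CLIENTS" -d "$LAN" -j ACCEPT || return 1
    $IPT -A FORWARD -s "$CLIENTS" -j REJECT || return 1
}

proxy_rules
```

The FORWARD rules cover only traffic routed through the server; processes running on the server itself are affected by the OUTPUT redirect alone.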