[K12OSN] Help with iptables
James P. Kinney III
jkinney at localnetsolutions.com
Fri Dec 12 01:14:37 UTC 2008
Crud. Wrong chain and wrong target definition. See below.
On Thu, 2008-12-11 at 19:19 -0500, James P. Kinney III wrote:
> On Thu, 2008-12-11 at 08:55 +0000, Brian Chivers wrote:
>
> > I'll try and draw an ASCII diagram, try being the word :-)
> >
> > Thinclients 10.0.0.x
> > |
> > |
> > Server 10.0.0.1
> > 192.168.0.100
> > |
> > |
> > MAIN NETWORK (All servers on 192.168.0.x/16 - Proxy 192.168.0.80:8080)
> > |
> > |
> > Firewall (Green Network - 192.168.0.2)
> > (Orange DMZ - 172.16.0.x)
> > (Red - 212.219.x.x)
> > |
> > |
> > CISCO to Internet
> >
> > What I don't want is for the thinclients to be able to access the internet WITHOUT the proxy, but I'd
> > like them to be able to access the DMZ machines without using the proxy.
> >
> Ah! Now I see what you are doing!
> On the thin client server you need ALL web traffic NOT going to the DMZ
> machine to go through the proxy.
>
CORRECTED
> iptables -t nat -A PREROUTING ! -d 172.16.0.0/255.255.255.0 -p tcp \
>   -m multiport --dports 80,443 -j DNAT --to-destination 192.168.0.80:8080
>
>
>
> --
> James P. Kinney III
> CEO & Director of Engineering
> Local Net Solutions,LLC
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
>
>
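
An added example, not part of the original message: a POSIX shell model of the match in the rule above, using the thread's DMZ network, proxy address and ports, so the DMZ exemption and the port list can be checked without root. The function names (`ip2int`, `in_net`, `rule_verdict`, `install_rule`) are chosen here, the sample destinations are constructed, and it assumes the web traffic is routed through the server and therefore traverses PREROUTING.

```shell
#!/bin/sh
# Values taken from the thread.
DMZ_NET=172.16.0.0
DMZ_MASK=255.255.255.0
PROXY=192.168.0.80:8080
WEB_PORTS=80,443

# Dotted quad -> integer, so addresses can be masked arithmetically.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 is inside network $2 with netmask $3.
in_net() {
    ip=$(ip2int "$1"); net=$(ip2int "$2"); mask=$(ip2int "$3")
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Mirrors the rule's match for a TCP packet: destination NOT in the DMZ
# ("! -d") and destination port in the multiport list.
rule_verdict() {
    dst=$1; dport=$2
    if in_net "$dst" "$DMZ_NET" "$DMZ_MASK"; then
        echo PASS; return 0
    fi
    # Comma delimiters stop port 8 from matching inside "80".
    case ",$WEB_PORTS," in
        *",$dport,"*) echo "DNAT $PROXY" ;;
        *)            echo PASS ;;
    esac
}

# The rule being modelled. Needs root, so it is defined but never called here.
install_rule() {
    iptables -t nat -A PREROUTING ! -d "$DMZ_NET/$DMZ_MASK" -p tcp \
        -m multiport --dports "$WEB_PORTS" -j DNAT --to-destination "$PROXY"
}

# Constructed samples: DMZ host, neighbouring /24, outside web, outside ssh.
for pkt in 172.16.0.25:80 172.16.1.25:80 203.0.113.10:443 203.0.113.10:22; do
    echo "$pkt -> $(rule_verdict "${pkt%:*}" "${pkt#*:}")"
done
```

A `PASS` verdict only means this one nat rule leaves the packet alone; whether the packet is then forwarded depends on the rest of the rule set.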