iptables rule and/or proxy server help request

Edward edward at tripled.iinet.net.au
Wed Jul 21 01:18:58 UTC 2004



Mike Burger wrote:
> I've got a pretty good iptables firewall in place which, at present, 
> allows fairly broad access to the net from the machines behind the 
> firewall.
> 
> What I'd like to do, now, is have the firewall forward outbound packets 
> for port 80 (to any address) to port 8080 on my server, which will then 
> proxy (DansGuardian+Squid or Privoxy).
> 
> I've tried this (keeping in mind that I'm trying it for one system, first, 
> before implementing it network-wide):
> 
> $IPTABLES -t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
> $IPTABLES -A FORWARD -i eth1 -p tcp --dport 80 -m state --state NEW -d 192.168.0.1 -j ACCEPT
> 
> I've tried using a "REDIRECT", but then connections go absolutely 
> nowhere...it seems that REDIRECT only works on the local system, not 
> across the network.
> 
> But then the proxies don't actually grab any info and present it back to 
> the browser.
> 
> If I set up direct proxy connections in the browsers, though, to the proxy 
> server at 8080, it works just fine.
> 
> Maybe it's not an iptables setting, but a proxy server setting I want?  
> I'm at a loss.

Hey Mike.

I know you've been around a fair while, and probably have already done 
this, but have you checked this document?

http://www.tldp.org/HOWTO/TransparentProxy.html

Chapter 5 has iptables examples.

May do the trick?

You're probably miles ahead of this suggestion anyway, so just ignore me 
if I'm talking from where the sun don't shine.

Regards,
Ed.
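
Added example (not part of the original thread, and not code from the HOWTO): one common reason a proxy works when set in the browser but not when port 80 is DNATed to it is the request form. A proxy-configured browser sends the full URL, while an intercepted browser sends only the path plus a Host header, so the proxy has to run in transparent/intercept mode to rebuild the URL. The function names and sample requests below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic).
EXPLICIT = (b"GET http://www.example.com/index.html HTTP/1.1\r\n"
            b"Host: www.example.com\r\n\r\n")      # browser configured for a proxy
INTERCEPTED = (b"GET /index.html HTTP/1.1\r\n"
               b"Host: www.example.com\r\n\r\n")   # browser unaware, packet DNATed
NO_HOST = b"GET /index.html HTTP/1.0\r\n\r\n"      # old client, no Host header


def parse_request_head(raw: bytes):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def resolve_upstream(raw: bytes, intercept_mode: bool):
    """Return the URL the proxy should fetch, or None if it cannot tell."""
    _method, target, headers = parse_request_head(raw)
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        # absolute-form: the client knows it is talking to a proxy.
        return target
    # origin-form: the client believes it reached the web server itself.
    if not intercept_mode:
        return None  # a plain forward proxy has no host to contact
    host = headers.get("host")
    if not host:
        # DNAT rewrote the destination IP, so without Host the target is lost.
        return None
    # Host is client-supplied: a filter keyed on it sees the name the client
    # claims, which is not necessarily the address the packet was sent to.
    return "http://" + host + target


if __name__ == "__main__":
    for name, req in (("explicit", EXPLICIT), ("intercepted", INTERCEPTED),
                      ("no-host", NO_HOST)):
        for mode in (False, True):
            print(name, "intercept_mode=%s" % mode, "->",
                  resolve_upstream(req, mode))
```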





