Iptables and proxy prerouting redirect

dustin at larmeir.com dustin at larmeir.com
Sun Jan 17 02:10:56 UTC 2010


I figured it out:

 

[root@gateway network-scripts]# iptables -t nat -A PREROUTING -i eth1 -s ! 10.0.0.249 -p tcp --dport 80 -j DNAT --to 10.0.0.249:8080

[root@gateway network-scripts]# iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.0/24 -d 10.0.0.249 -j SNAT --to 10.0.0.249

[root@gateway network-scripts]# iptables -A FORWARD -s 10.0.0.0/24 -d 10.0.0.249 -i eth1 -o eth1 -p tcp --dport 8080 -j ACCEPT

 

Thanks, Dustin

 

From: dustin at larmeir.com [mailto:dustin at larmeir.com] 
Sent: Saturday, January 16, 2010 6:18 PM
To: General Red Hat Linux discussion list (redhat-list at redhat.com)
Subject: Iptables and proxy prerouting redirect

 

Hello everyone, this may be a simple fix, but I was wondering how to go about
the following. I have 2 systems on my network: one a Red Hat 4.x box acting as
a router, and the other a system working as a dedicated proxy. The
dedicated proxy resides on the network that the router serves, and I was
wondering how I could configure iptables to route port 80 requests from the
router machine to the other machine's proxy running on port 8080. Below are
some more specifics:

 

As shown below, my router serves its DHCP off of eth1:

 

[root@gateway ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:C0:4F:5E:4E:02
          inet addr:192.168.1.9  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:4fff:fe5e:4e02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:254428 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128178 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:339207909 (323.4 MiB)  TX bytes:31298432 (29.8 MiB)
          Interrupt:11 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:0E:2E:91:DF:08
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:2eff:fe91:df08/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:93762 errors:0 dropped:0 overruns:0 frame:0
          TX packets:145855 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28534050 (27.2 MiB)  TX bytes:120473831 (114.8 MiB)
          Interrupt:10 Base address:0x6400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14234 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3585239 (3.4 MiB)  TX bytes:3585239 (3.4 MiB)

 

My proxy runs on the ip of 10.0.0.249:8080

 

I know that to have systems run through the proxy on the router I could use:

 

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

 

How could I modify this to reroute me to 10.0.0.249:8080 which is my other
proxy?

 

Any input on this would be greatly appreciated.

 

Thank you,
Dustin
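
The PREROUTING rule in the reply at the top of this message excludes the proxy's own address (-s ! 10.0.0.249); without that exclusion the proxy's own outbound port-80 requests, which also arrive on eth1, would be rewritten back to the proxy. The script below is an added example, not part of the original thread: it audits iptables-save output for DNAT rules that point at the proxy but lack that exclusion. The function name, the sample dump and the eth2/eth3 rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Reads iptables-save text on
# stdin and prints every PREROUTING DNAT rule that sends traffic to the proxy
# without excluding the proxy's own address as a source. Such a rule would
# catch the proxy's own outbound port-80 requests and loop them back to it.

# Constructed sample dump; only the first rule mirrors the one in the post.
SAMPLE_RULES='*nat
-A PREROUTING -s ! 10.0.0.249 -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.249:8080
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.249:8080
-A PREROUTING ! -s 10.0.0.249/32 -i eth3 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.249:8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

# find_unguarded_dnat PROXY_IP  (hypothetical helper name)
find_unguarded_dnat() {
    proxy=$1
    while IFS= read -r rule; do
        case $rule in
            "-A PREROUTING "*" -j DNAT "*) ;;   # only DNAT rules in PREROUTING
            *) continue ;;
        esac
        match=${rule%% -j DNAT *}    # match conditions, before the target
        target=${rule##* -j DNAT }   # DNAT options, after the target
        case " $target " in
            *" $proxy:"*|*" $proxy "*) ;;       # rewrites to the proxy
            *) continue ;;
        esac
        case "$match " in
            *" ! -s $proxy "*|*" ! -s $proxy/32 "*) ;;   # newer negation syntax
            *" -s ! $proxy "*|*" -s ! $proxy/32 "*) ;;   # older syntax, as posted
            *) printf '%s\n' "$rule" ;;                  # no exclusion: report it
        esac
    done
}

# On a gateway: iptables-save -t nat | find_unguarded_dnat 10.0.0.249
printf '%s\n' "$SAMPLE_RULES" | find_unguarded_dnat 10.0.0.249
```

Against the constructed sample, only the eth2 rule is reported; the rule in the form posted above and the newer "! -s" form both pass.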



