Old 08-15-2006, 08:15 AM   #1
nickleus
debian iptables squid - redirect port 80 to port 8080 on another machine


i have a linux (rh7) machine (webMachine, ip: 192.168.0.5) running a web server on port 8080.
i have another linux (debian) machine on the same network (firewallMachine, two interfaces ip: 10.0.0.40 [out to inet], ip: 192.168.0.2 [connected to internal network]).

on firewallMachine i have also installed squid, to reverse proxy for webMachine, i.e. hide all external ip addresses from webMachine, so it thinks only 1 ip address is communicating with it.

squid is configured to listen to port 80 and then redirect everything to webMachine on port 8080.
here is some of my relevant squid.conf configuration:
Code:
http_port 80
acl our_networks src 192.168.0.0/24 10.0.0.0/24
http_access allow our_networks
http_access allow localhost
httpd_accel_host 192.168.0.5
httpd_accel_port 8080
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

(i'm not sure if all of these should be enabled, need help)

and my relevant iptables lines in firewall.sh:
Code:
$IPT -A FORWARD -p tcp -i $INET_IFACE --destination-port 80 -j ACCEPT
$IPT -t nat -A PREROUTING -i $INET_FACE -p tcp --dport 80 -j REDIRECT --to-port 8080

i can't seem to reach webMachine from the internet (everything is set up correctly on my router, that much i do know).
 
Old 08-17-2006, 12:59 AM   #2
bulliver
My router passes web/mail requests to a DMZ machine, just like what you are looking for I think. My relevant rules look like this:
Code:
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 80 -j DNAT --to 192.168.0.11:80
$IPTABLES -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.0.11 --dport 80 -m state --state NEW -j ACCEPT

The only difference is that both of my machines are using port 80. Have a look at using DNAT rather than REDIRECT.

HTH
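
An added sketch (not code from either poster) of the two rule sets that fit the topology in post #1: REDIRECT only rewrites the destination to a port on firewallMachine itself, so reaching 192.168.0.5:8080 needs either DNAT plus a FORWARD rule on the translated port, or no NAT at all with squid accepting port 80 on INPUT. The interface names eth0/eth1 and the function names are assumptions; the addresses and ports are the ones given in post #1.

```shell
#!/bin/sh
# Added example, not from the thread. Use ONE of the two functions, not both.
IPT="${IPT:-iptables}"             # set IPT="echo iptables" to print instead of apply
INET_IFACE="${INET_IFACE:-eth0}"   # assumed name of the 10.0.0.40 interface
LAN_IFACE="${LAN_IFACE:-eth1}"     # assumed name of the 192.168.0.2 interface
WEB_IP=192.168.0.5                 # webMachine, from post #1
WEB_PORT=8080

# Option A: no squid in the path, DNAT straight to webMachine.
# Needs net.ipv4.ip_forward=1 on firewallMachine, and webMachine must route
# its replies back through 192.168.0.2 so they get un-NATed.
dnat_to_web() {
    # PREROUTING runs before the routing decision: outside port 80 -> webMachine:8080.
    $IPT -t nat -A PREROUTING -i "$INET_IFACE" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
    # FORWARD sees the packet after DNAT, so it must match the translated
    # address and port (8080), not the original port 80.
    $IPT -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -p tcp -d "$WEB_IP" \
        --dport "$WEB_PORT" -m state --state NEW -j ACCEPT
    # Let the rest of each accepted connection through in both directions.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Option B: squid on firewallMachine answers port 80 and fetches from webMachine.
# The client connection terminates locally, so it crosses INPUT, not FORWARD,
# and no nat rule is involved; squid opens its own connection to 192.168.0.5:8080.
squid_front() {
    $IPT -A INPUT -i "$INET_IFACE" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Dry run:  IPT="echo iptables"; dnat_to_web
```

With option B, only firewallMachine's own address (192.168.0.2) ever reaches webMachine, which is the hiding behaviour post #1 asks for; option A passes the original client addresses through.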
 
  

