LinuxQuestions.org
08-15-2006, 08:15 AM   #1
nickleus
debian iptables squid - redirect port 80 to port 8080 on another machine


i have a linux (rh7) machine (webMachine, ip: 192.168.0.5) running a web server on port 8080.
i have another linux (debian) machine on the same network (firewallMachine, two interfaces ip: 10.0.0.40 [out to inet], ip: 192.168.0.2 [connected to internal network]).

on firewallMachine i have also installed squid, to reverse proxy for webMachine, i.e. hide all external ip addresses from webMachine, so it thinks only 1 ip address is communicating with it.

squid is configured to listen to port 80 and then redirect everything to webMachine on port 8080.
here is some of my relevant squid.conf configuration:
Code:
http_port 80
acl our_networks src 192.168.0.0/24 10.0.0.0/24
http_access allow our_networks
http_access allow localhost
httpd_accel_host 192.168.0.5
httpd_accel_port 8080
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

(i'm not sure if all of these should be enabled, need help)

and my relevant iptables lines in firewall.sh:
Code:
$IPT -A FORWARD -p tcp -i $INET_IFACE --destination-port 80 -j ACCEPT
$IPT -t nat -A PREROUTING -i $INET_FACE -p tcp --dport 80 -j REDIRECT --to-port 8080

i can't seem to reach webMachine from the internet (everything is set up correctly on my router, that much i do know).
 
08-17-2006, 12:59 AM   #2
bulliver
My router passes web/mail requests to a DMZ machine, just like what you are looking for I think. My relevant rules look like this:
Code:
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTIP --dport 80 -j DNAT --to 192.168.0.11:80
$IPTABLES -A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.0.11 --dport 80 -m state --state NEW -j ACCEPT

The only difference is that both of my machines are using port 80. Have a look at using DNAT rather than REDIRECT.

HTH
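
An added example, not part of either post: REDIRECT rewrites the destination to the firewall itself on port 8080, where nothing listens (squid is on port 80), and that traffic traverses INPUT rather than FORWARD. The sketch below prints the two consistent rule sets for the addresses in post #1, either DNAT straight to webMachine or squid alone with no nat rule. The interface names and the `rule`, `dnat_rules` and `squid_rules` helpers are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Addresses are from post #1;
# interface names are assumptions.
IPT=${IPT:-iptables}
INET_IFACE=${INET_IFACE:-eth0}  # assumed: side holding 10.0.0.40
LAN_IFACE=${LAN_IFACE:-eth1}    # assumed: side holding 192.168.0.2
EXT_IP=10.0.0.40
WEB_IP=192.168.0.5
WEB_PORT=8080

# Print each rule; execute it only when APPLY=1 (requires root).
rule() {
    echo "$IPT $*"
    if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; fi
}

# Option A: DNAT to webMachine, bypassing squid. Needs
# net.ipv4.ip_forward=1, and webMachine sees the real client addresses.
dnat_rules() {
    rule -t nat -A PREROUTING -i "$INET_IFACE" -p tcp -d "$EXT_IP" \
        --dport 80 -j DNAT --to-destination "$WEB_IP:$WEB_PORT"
    # FORWARD runs after DNAT, so match the rewritten address and port.
    rule -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -p tcp -d "$WEB_IP" \
        --dport "$WEB_PORT" -m state --state NEW -j ACCEPT
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Option B: keep squid as the reverse proxy. No nat rule at all: traffic
# for port 80 on the firewall traverses INPUT, and squid's own connection
# to webMachine traverses OUTPUT. webMachine sees only 192.168.0.2.
squid_rules() {
    rule -A INPUT -i "$INET_IFACE" -p tcp -d "$EXT_IP" --dport 80 \
        -m state --state NEW -j ACCEPT
    rule -A OUTPUT -o "$LAN_IFACE" -p tcp -d "$WEB_IP" \
        --dport "$WEB_PORT" -m state --state NEW -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Usage: sh script.sh dnat|squid   (dry run unless APPLY=1)
case "${1:-}" in
    dnat)  dnat_rules ;;
    squid) squid_rules ;;
esac
```

Only option B meets the goal stated in post #1 of hiding external addresses from webMachine; with option A, webMachine's replies must also route back through the firewall.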
 
  

