redirect all inet traffic to proxy how ?? [2]
Ok, i'm (still) trying to make an internal lan talk to an external proxy..
lan <-> Linuxrouter <-> proxy -> inet

proxy works transparent. linuxrouter can trace and ping the outside world (inet)

here is my iptables script for linuxrouter:

192.168.2.19 = proxy
192.168.2.8 = eth0 linuxrouter [external-net]
192.168.1.10 = eth1 linux router [internal-net]
192.168.1.0/24 = lan
-------------------------------------------
#!/bin/sh
echo "flushing.."
iptables -F
iptables -t nat -F
echo "default -> accept"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo "forward"
echo 1> /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
###iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "redirect"
iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.2.19 -p tcp --dport 80 -j DNAT --to 192.168.2.19:8080
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 192.168.2.19 -j SNAT --to 192.168.2.8
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.2.19 -i eth1 -o eth0 -p tcp --dport 8080 -j ACCEPT
-------------------------------------------
these rules give nothing, no trace or ping to proxy/inet

the idea is to send all http/inet requests to the proxy-server. and no traffic goes outside... so i need 0.0.0.0 port 80 request redirected to the proxy port 8080.

the last 3 lines are copied from http://tldp.org/HOWTO/TransparentProxy-6.html

what goes wrong with this script..??
where is the error message or summary from logs?
i don't know iptables hardly at all, sorry. but this seems like a 'doable' thing. but without a clearer understanding of what is going wrong, i'm not sure anyone can help you. i'd start by taking it all down (i.e. the walls).. (leave inet off if you are too scared), then build until it works. good luck.
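
One way to write the rule set for the topology in the first post, as an added example that is not the poster's script or the HOWTO's. It assumes eth1 is the LAN-facing interface (as the address list says), so the DNAT rule matches on eth1, and it enables forwarding with sysctl, since `echo 1> file` is parsed as a redirection of file descriptor 1 and writes only an empty line. The `APPLY` variable, the variable names and the default-drop FORWARD policy are choices made for this example.

```shell
#!/bin/sh
# Added example. Addresses and interfaces are the ones listed in the post.
PROXY=192.168.2.19        # external proxy
PROXY_PORT=8080           # port the proxy listens on
ROUTER_EXT=192.168.2.8    # router address on eth0 (proxy side)
LAN=192.168.1.0/24        # internal network
LAN_IF=eth1               # interface LAN clients arrive on
EXT_IF=eth0               # interface facing the proxy

# Print the rule set, one command per line, so it can be reviewed first.
build_rules() {
    cat <<EOF
# Enable routing; sysctl avoids the "echo 1> file" redirection pitfall.
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
# Nothing crosses the router unless a rule below allows it.
iptables -P FORWARD DROP
# LAN web requests enter on $LAN_IF, so that is where DNAT has to match.
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN -p tcp --dport 80 -j DNAT --to-destination $PROXY:$PROXY_PORT
# Make the proxy reply via the router so the reverse translation happens.
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -d $PROXY -j SNAT --to-source $ROUTER_EXT
# Allow the redirected connections out and their replies back in.
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN -d $PROXY -p tcp --dport $PROXY_PORT -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run by default; set APPLY=1 (as root) to execute the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh
else
    build_rules
fi
```

With the FORWARD policy set to DROP, ping from the LAN to the proxy is also dropped; only the redirected TCP connections pass.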