Old 11-17-2011, 12:51 AM   #1
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Rep: Reputation: Disabled
iptables is not redirecting traffic


I have a Linux Squid server with two LAN cards:
eth0 --> 192.168.0.x
eth1 --> 10.230.5.x

and my Squid is running well.

But I don't want to set the browser settings on the clients.

So I tried:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 3128 
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j REDIRECT --to-port 3128
But this is still not working.
 
Old 11-17-2011, 03:48 AM   #2
KamasCZ
LQ Newbie
 
Registered: Jan 2011
Location: Czech Republic, Tyniste n. O.
Distribution: Slackware
Posts: 22

Rep: Reputation: 1
Can you do
Quote:
iptables -L -n
and
Code:
iptables -L -t nat -n
and post the results here?

The command you posted seems to be OK, so I think it's some other firewall rule.

Last edited by KamasCZ; 11-17-2011 at 03:49 AM.
 
Old 11-17-2011, 10:49 AM   #3
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Original Poster
Rep: Reputation: Disabled
iptables -t nat -L
output is:-

Quote:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

iptables -L -n

output is:-
Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination

Please reply to me.

I tried a lot, but it's still not working. Am I leaving something out?


Please check this one too, as I did these too.

http://www.linuxquestions.org/questi...8/#post4525479

Last edited by anandnenwani; 11-17-2011 at 10:59 AM.
 
Old 11-18-2011, 03:32 AM   #4
KamasCZ
LQ Newbie
 
Registered: Jan 2011
Location: Czech Republic, Tyniste n. O.
Distribution: Slackware
Posts: 22

Rep: Reputation: 1
Hmm, nothing bad as far as I can see.
So, try to add
Code:
iptables -A POSTROUTING -t nat ! -d 10.230.5.0/24 -s 10.230.5.0/24 -j MASQUERADE
rule. This rule should be above the redirecting to squid.

This should give you access to networks behind the machine with squid.
Also check if you have enabled ip forwarding - do
Code:
cat /proc/sys/net/ipv4/ip_forward
result must be 1

Are the routing tables on machine with squid well configured?
try
Code:
route -n
and paste the results here. Also check the routing table on the Windows gateway
Code:
route print
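
The checks listed in post #4 (REDIRECT rule, MASQUERADE rule, ip_forward, default route), written as an added shell example that is not part of any post in this thread. The function names and the sample listings are constructed for illustration, and the parsing assumes `iptables -t nat -L -n` and `route -n` output saved as text.

```shell
#!/bin/sh
# Added example: offline checks for the items listed in post #4, run over saved
# command output. The sample text below is constructed, modelled on this thread.

NAT_SAMPLE='Chain PREROUTING (policy ACCEPT)
target     prot opt source       destination
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source       destination
MASQUERADE all  --  10.0.0.0/24  !10.0.0.0/24'

ROUTE_SAMPLE='Kernel IP routing table
Destination  Gateway      Genmask        Flags Metric Ref Use Iface
192.168.1.0  0.0.0.0      255.255.255.0  U     0      0   0   eth0
0.0.0.0      192.168.1.1  0.0.0.0        UG    0      0   0   eth0'

# rule_in_chain LISTING CHAIN TARGET REGEX
# Succeeds if CHAIN in the listing has a TARGET rule whose line matches REGEX.
rule_in_chain() {
    printf '%s\n' "$1" | awk -v c="$2" -v t="$3" -v pat="$4" '
        $1 == "Chain" { chain = $2; next }
        chain == c && $1 == t && $0 ~ pat { found = 1 }
        END { exit !found }'
}

# default_gateway ROUTES: print the gateway of the 0.0.0.0 route (Flags contain G).
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# check_proxy_box NAT_LISTING ROUTES IP_FORWARD CLIENT_NET
# Prints one line per check and returns the number of failed checks.
check_proxy_box() {
    fails=0
    rule_in_chain "$1" PREROUTING REDIRECT 'dpt:80 redir ports 3128( |$)' \
        && echo "ok   REDIRECT 80 -> 3128" || { echo "FAIL no REDIRECT 80 -> 3128"; fails=$((fails + 1)); }
    rule_in_chain "$1" POSTROUTING MASQUERADE " $4 " \
        && echo "ok   MASQUERADE for $4" || { echo "FAIL no MASQUERADE for $4"; fails=$((fails + 1)); }
    [ "$3" = 1 ] \
        && echo "ok   ip_forward is 1" || { echo "FAIL ip_forward is $3"; fails=$((fails + 1)); }
    [ -n "$(default_gateway "$2")" ] \
        && echo "ok   default route present" || { echo "FAIL no default route"; fails=$((fails + 1)); }
    return "$fails"
}

check_proxy_box "$NAT_SAMPLE" "$ROUTE_SAMPLE" 1 10.0.0.0/24 || true
```

On a live box the first three arguments would come from `iptables -t nat -L -n`, `route -n` and `cat /proc/sys/net/ipv4/ip_forward`; a listing taken without `-n` shows `dpt:http` instead of `dpt:80` and will not match.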
 
Old 11-18-2011, 12:43 PM   #5
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Original Poster
Rep: Reputation: Disabled
These are the configurations:-

I checked ip_forward. It is 1.

squid box:-
eth0--> 192.168.1.16
eth1--> 10.0.0.4

iptables -t nat -L

output is:-

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/24 !10.0.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

I don't understand what is happening. I tried a lot. Am I leaving something out? Please help.
 
Old 11-18-2011, 12:47 PM   #6
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Original Poster
Rep: Reputation: Disabled
Please tell me a few more steps that are important for configuring Squid and iptables to REDIRECT traffic.

Thank you so much!

 
Old 11-19-2011, 11:34 PM   #7
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by KamasCZ
Hmm, nothing bad as I can see.
So, try to add
Code:
iptables -A POSTROUTING -t nat ! -d 10.230.5.0/24 -s 10.230.5.0/24 -j MASQUERADE
rule. This rule should be above the redirecting to squid.

This should give you access to networks behind the machine with squid.
Also check if you have enabled ip forwarding - do
Code:
cat /proc/sys/net/ipv4/ip_forward
result must be 1

Are the routing tables on machine with squid well configured?
try
Code:
route -n
and paste results here, also check routing table on windows gateway
Code:
route print

I set ip_forward to 1 again, with Open SuSE 11.4, and it worked. Thank you so much. But why is iptables not working well in RHEL?
 
  

