Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I don't think this will work.
$IPTABLES -A INPUT -i eth1 -p tcp --sport 80 --dport 8080 -j ACCEPT
I'm just starting with iptables, and correct me if I'm wrong, but I think what this line does is change source port 80 to destination port 8080. What I need to do is redirect destination port 80 to destination port 8080 on the local box, which is a proxy.
I guess I didn't explain myself enough in my initial email. My eth0 is connected to the internet with a static public IP, 220.127.116.11. Eth1 connects to a group of users and has another static public IP (different subnet), 18.104.22.168; no NAT is required. For these users the proxy needs to work in transparent mode. I found an iptables entry for that purpose:
"The REDIRECT target is used to redirect packets and streams to the machine itself. This means that we could for example REDIRECT all packets destined for the HTTP ports to an HTTP proxy like squid, on our own host. Locally generated packets are mapped to the 127.0.0.1 address. In other words, this rewrites the destination address to our own host for packets that are forwarded, or something alike. The REDIRECT target is extremely good to use when we want, for example, transparent proxying, where the LAN hosts do not know about the proxy at all.
Note that the REDIRECT target is only valid within the PREROUTING and OUTPUT chains of the nat table. It is also valid within user-defined chains that are only called from those chains, and nowhere else. The REDIRECT target takes only one option, as described below."
My problem with this is that it seems to use NAT (or am I wrong?). And I don't want this traffic to be NATted.
The 2nd thing I want is that users connected on eth2 will be sNATted to eth0. eth0 has a private static IP 192.168.1.1/24. These users will use the proxy by using the proxy settings in their web browser to use port 8080. So I don't need to use the transparent setting as described earlier.
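
An added illustration, not part of the thread: the shell function below reads rule text and reports whether a rule only matches packets or rewrites them, applying the table and chain limits from the quoted REDIRECT description. It runs no iptables commands; the function name `classify_rule` and the third sample rule are constructed here, and `--to-ports` is the REDIRECT option for the new port.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here calls iptables; the
# function only reads rule text. Interface and ports are those in the post.

# The rule the poster doubts: filter table (the default), INPUT chain, ACCEPT.
RULE_ACCEPT='-A INPUT -i eth1 -p tcp --sport 80 --dport 8080 -j ACCEPT'
# Transparent-proxy form described by the quoted REDIRECT text.
RULE_REDIRECT='-t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080'
# Constructed mistake: REDIRECT placed in the filter table.
RULE_WRONG_TABLE='-A INPUT -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080'

# classify_rule RULE: print what the rule matches and whether it rewrites.
classify_rule() {
    cr_table=filter cr_chain='' cr_target='' cr_sport=any cr_dport=any cr_to='' cr_prev=''
    for cr_word in $1; do            # unquoted on purpose: split into words
        case "$cr_prev" in
            -t)         cr_table=$cr_word ;;
            -A|-I)      cr_chain=$cr_word ;;
            -j)         cr_target=$cr_word ;;
            --sport)    cr_sport=$cr_word ;;
            --dport)    cr_dport=$cr_word ;;
            --to-ports) cr_to=$cr_word ;;
        esac
        cr_prev=$cr_word
    done
    if [ "$cr_target" != REDIRECT ]; then
        # ACCEPT, DROP and similar verdict targets never modify the packet.
        echo "$cr_table/$cr_chain $cr_target: match sport=$cr_sport dport=$cr_dport, nothing rewritten"
        return 0
    fi
    if [ "$cr_table" != nat ]; then
        echo "invalid: REDIRECT needs -t nat (got $cr_table)"
        return 1
    fi
    case "$cr_chain" in
        PREROUTING|OUTPUT) ;;
        INPUT|FORWARD|POSTROUTING)
            echo "invalid: REDIRECT not allowed in $cr_chain"
            return 1 ;;
        *)  # user-defined chain: valid only when reached from PREROUTING/OUTPUT
            echo "unverified: check that $cr_chain is only called from PREROUTING or OUTPUT"
            return 1 ;;
    esac
    echo "nat/$cr_chain REDIRECT: dport=$cr_dport rewritten to local port ${cr_to:-$cr_dport}"
}

for r in "$RULE_ACCEPT" "$RULE_REDIRECT" "$RULE_WRONG_TABLE"; do
    classify_rule "$r" || true
done
```

The first rule only matches packets that already have source port 80 and destination port 8080; only the second changes where a packet is delivered, and it changes the destination, not the source address.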