Linux Proxy: Public to LAN

eliufoo · 04-15-2008, 04:17 AM

Hi All,

I need setup proxy process on my machine(Linux FC6) that has public Internet access to allow a remote server to the machine. And then enable the proxy to forward the traffic from the remote machine to another secure LAN network system. The remote server can neither establish a direct connection to the SECURE LAN nor tunneling it traffic.

Please advised with a solution or setup that would work with the above mechanics.

trryhend · 04-15-2008, 10:54 PM

Quote:

Originally Posted by eliufoo

Hi All,

I need setup proxy process on my machine(Linux FC6) that has public Internet access to allow a remote server to the machine. And then enable the proxy to forward the traffic from the remote machine to another secure LAN network system. The remote server can neither establish a direct connection to the SECURE LAN nor tunneling it traffic.

Please advised with a solution or setup that would work with the above mechanics.

If firestarter is installed, use it, should be rather easy to share the connection with an inside LAN. (If sharing the Internet is all you need.)

Or, if you prefer doing things manually, see:
http://lindesk.com/2007/04/internet-...sing-iptables/
(Again, if sharing the connection is all you need.)

If you do in fact need a proxy caching server for your Web clients, see:
http://www.icewalkers.com/rpm/squid/...uid-25235.html

eaglek96 · 04-16-2008, 08:58 PM

I'm thinking squid proxy is a good solution. Maybe set that up as a "reverse proxy" to get what you desire. It's a quick and easy setup if you use a package manager to install it.

What protocol is this application using?

eliufoo · 04-26-2008, 05:20 AM

Hi,

Port forwarding would work for above setup. But, I have the following problem in setting it up.

I have two interfaces configured (Internet & LAN). I want traffic from a specefic host to be routed to a specific server.

My external interface is eth1 (197.41.39.55) & internal interface eth0 (192.168.10.0/24) that has several servers and networking equipments that needs to be reached by external hosts. I intend to route traffic from host 80.223.75.169 destined197.41.39.55 on port 8080, to be forwarded to 192.168.10.5 port 80. According to my internet search, below configuration should work:

- iptables -t nat -A PREROUTING -p tcp -i eth1 -d 197.41.39.55 --dport 8080 -j DNAT --to 192.168.10.5
- iptables -A FORWARD -p tcp -i eth0 -d 192.168.10.5 --dport 80 -j ACCEPT
- iptables -t nat -A PREROUTING -j LOG --log-level debug --log-prefix '***PREROUTING***'

I have implemented the above configuration but nothing works. I have also completely FLUSHED my firewall (for testing) and loaded the NAT module. And still doesn't work. Also, apart from the log file (messages), how can i troubleshoot iptable configuration.

Assist please:

Elly