12-01-2009, 05:52 PM   #1
fantasygoat
Forward port 80 for all traffic except to certain host/network


I have an application which checks websites for new content, and it runs on several servers. So, to lower bandwidth costs I've put a Squid server in front of them and used iptables to forward all calls on port 80 to it.

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to x.x.x.x:3128

The problem I have is that there are a couple of servers which do other tasks that are dependent on source IP, so they won't accept connections from the Squid server. So, for those ones, I don't want it to forward to Squid.

How would I format my iptables call to forward everything unless the destination address or net is X?

iptables is a bit of a mystery to me.
 
12-02-2009, 11:51 AM   #2
deadeyes
Quote, originally posted by fantasygoat:
> I have an application which checks websites for new content, and it runs on several servers. So, to lower bandwidth costs I've put a Squid server in front of them and used iptables to forward all calls on port 80 to it.
>
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to x.x.x.x:3128
>
> The problem I have is that there are a couple of servers which do other tasks that are dependent on source IP, so they won't accept connections from the Squid server. So, for those ones, I don't want it to forward to Squid.
>
> How would I format my iptables call to forward everything unless the destination address or net is X?
>
> iptables is a bit of a mystery to me.

-d <ip-address> Match destination IP address
http://www.linuxhomenetworking.com/w...Using_iptables

This is a very good guide.
 
12-02-2009, 03:22 PM   #3
fantasygoat
I've read that and I'm still not sure how I should structure the commands.

Perhaps like this?

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to x.x.x.x:3128
iptables -t nat -A OUTPUT -p tcp --dport 80 -d y.y.y.y -j ACCEPT

Last edited by fantasygoat; 12-02-2009 at 03:24 PM.
 
12-04-2009, 01:08 PM   #4
fantasygoat
As an update, I dug through the documentation for iptables and discovered the "-d" parameter will accept a NOT parameter in the form of "!". So the appropriate command is:

iptables -t nat -A OUTPUT -p tcp --dport 80 -d ! y.y.y.y -j DNAT --to x.x.x.x:3128
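
The question mentions "a couple of servers", while a single negated -d match covers one address or net. The script below is an added example, not code from any poster in the thread: it goes beyond the one-destination case by printing a rule set in which every exempt destination gets a RETURN rule ahead of the DNAT rule, since iptables evaluates rules in order. The chain name SQUID_OUT, the function name and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that send
# locally generated port-80 traffic to a proxy, except for exempt destinations.
# SQUID_OUT and the function name are hypothetical; addresses are constructed
# sample values from the RFC 5737 documentation ranges.

# Usage: squid_redirect_rules PROXY_IP:PORT [EXEMPT_IP_OR_CIDR ...]
squid_redirect_rules() {
    [ "$#" -ge 1 ] || { echo "usage: squid_redirect_rules proxy:port [dest ...]" >&2; return 1; }
    proxy=$1; shift
    chain=SQUID_OUT

    # Validate every argument before printing anything, so unexpected
    # characters can never end up inside a command that is later run as root.
    case $proxy in
        ''|*[!0-9.:]*) echo "bad proxy: $proxy" >&2; return 1 ;;
    esac
    for dest in "$@"; do
        case $dest in
            ''|*[!0-9./]*) echo "bad destination: $dest" >&2; return 1 ;;
        esac
    done

    echo "iptables -t nat -N $chain"
    # Exemptions first: RETURN leaves the chain before the DNAT rule is reached.
    for dest in "$@"; do
        echo "iptables -t nat -A $chain -d $dest -j RETURN"
    done
    # DNAT to an ip:port needs -p tcp on the same rule.
    echo "iptables -t nat -A $chain -p tcp -j DNAT --to-destination $proxy"
    # Hook the chain into OUTPUT last, once it is fully populated.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j $chain"
}

# Review the printed commands before running them as root.
squid_redirect_rules 192.0.2.10:3128 198.51.100.7 203.0.113.0/24
```

For a single exemption, the iptables man page documents the negation before the option, as in `! -d y.y.y.y`.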