I have recently purchased a filtering device. This device needs to service 4 subnets. It is placed behind a firewall/gateway/router/VPN server on one of the subnets (192.168.0.*) and is serving that one just fine. One of the other subnets(192.168.3.*) is in the same building and connected to the same router. The other two subnets (192.168.1.* & 192.168.2.*) are in another building also hooked up to a firewall/gateway/router/VPN server.

My gateway servers are masquerading and I need to set up my ipchains so that all port 80 traffic goes through the filter (192.168.0.5). The filter will automatically then send requests out to the internet and back appropriately.

I hope I have explained that well enough so that someone can help me!?

ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

ifconfig eth0 192.168.?.? netmask 255.255.0.0

route add default gw 192.168.0.5

Dave,

Thanks for the reply. The machines are at work and I won't be able to test your advise for a few days but I didn't want you to think I didn't appreciate your respose.

cool,

Let us know what happens.

Dave,

The solution you gave sets up masq, which is already active.

Next it routes everything though IP 192.168.0.5. I only need packets that are going out port 80 to go through the filter. The ohter problem I see is that the filtering device uses the server to send information out to the internet. If that servers default route is to send information to 192.168.0.5 I start a horrible loop of death.

iptables -t nat -A POSTROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.5:80


The above might work...