Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
So would like help on what the correct iptables rules should be to allow internet through the lan on eth0 so it can connect to the proxy\dansguardian\etc and send it on to the router via eth1.
or am I making a mistake on how I am setting this up?
no, the scenario is good. you just need an iptables redirection on LAN interface to intercept the browser request to enter the squidguard port.
assuming your squidguard on port 8080 and, eth0 as LAN intf (as root):
#/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
unless you know how to do an interface bridging - i think the most easiest method is to do a double NAT.
so - create another NAT on eth1 :
#/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE.
Thanks for the replys, I will have to try this later when got some other things sorted.
Altough it all seems a bit to simple. I can mend PCs fine.. but networking is an area I'm not very knowledgeable at. Is there anything I am forgetting or don't know that I need to do to get this set up to work? Or is all I need the two iptable rules on the proxy server?
You *need* very little on the proxy server. If you wish, you can add filtering rules. I have one small quibble with rossonieri#1's post. When your IP addresses are stable (as your's appear to be -- contrasted with, for example, dialup) I believe it would be preferred to use SNAT instead of MASQUERADE. Although MASQUERADE will work, albeit less optimally. (See iptables' man page or the NAT-HOWTO.)
Last edited by blackhole54; 04-19-2009 at 01:27 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
