Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
OK, well you probably don't want a standard NAT, and you also want to enable IP forwarding on the firewall. BTW, you've not mentioned the word "Linux" in any of this... this IS a Linux firewall, right?? This will get the routing / natting sorted:
sysctl -w net.ipv4.ip_forward=1
(edit this in /etc/sysctl.conf to make it permanent.)
iptables -t nat -A POSTROUTING -s 172.16.1.XXX -o eth1 -j MASQUERADE
Where XXX is the proxy server IP. After that you will still want responsible firewall rules to control the access in general.
Last edited by acid_kewpie; 07-08-2011 at 05:31 AM.
Yes, it is a Linux firewall. Thank you for your fast reply.
I did exactly what you said in this post to let only the proxy server connect to the Internet through the firewall. And to let other PCs connect to the Internet through the proxy server (they can't connect directly to the Internet), I added the following rule:
iptables -A INPUT -d 172.16.1.XXX -p all -j ACCEPT (XXX is the proxy server IP)
Well, that as a rule by itself will work - oh no, you've got -d (destination) instead of -s (source) for the proxy, so you'd want to change that, but if it's appended it may be after a default deny so wouldn't get reached etc. "iptables -vnL" will show the full ruleset in context. I would not advise allowing *everything* through from it. From its role as a proxy it should only need tcp ports 80 and 443. You should also only be permitted new traffic explicitly on that rule, but that's something of a subtlety that won't affect you right now.
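An added example, not part of the thread or any poster's code: a small Python check that reads `iptables -S` output and flags the four issues raised in the last reply (proxy matched with -d instead of -s, an ACCEPT sitting after an unconditional deny, no limit to tcp 80/443, no limit to NEW connections). The address 172.16.1.10, the FORWARD chain and the function names are assumptions made for the example, and the sample ruleset is constructed.

```python
import shlex

ALLOWED_PORTS = {"80", "443"}  # per the thread: a web proxy only needs these

def parse_rule(line):
    """Turn one `iptables -S` line into {option: value}; bare flags map to True."""
    tok, opts = shlex.split(line), {}
    for i, t in enumerate(tok):
        if t.startswith("-"):
            nxt = tok[i + 1] if i + 1 < len(tok) else "-"
            opts[t] = True if nxt.startswith("-") else nxt
    return opts

def audit_proxy_rules(ruleset, proxy_ip, chain="FORWARD"):
    """Return (line_no, finding) pairs for ACCEPT rules in `chain` naming proxy_ip."""
    findings, denied_at = [], None
    for no, line in enumerate(ruleset.strip().splitlines(), 1):
        o = parse_rule(line)
        if o.get("-A") != chain:
            continue
        target = o.get("-j")
        # A DROP/REJECT with no match options ends the chain for every packet.
        if target in ("DROP", "REJECT") and set(o) <= {"-A", "-j", "--reject-with"}:
            denied_at = denied_at or no
            continue
        src = str(o.get("-s", "")).split("/")[0]
        dst = str(o.get("-d", "")).split("/")[0]
        if target != "ACCEPT" or proxy_ip not in (src, dst):
            continue
        if denied_at:
            findings.append((no, f"unreachable: unconditional deny at line {denied_at} comes first"))
        if src != proxy_ip:
            findings.append((no, "proxy matched with -d (destination), not -s (source)"))
        ports = set(str(o.get("--dports", o.get("--dport", ""))).split(","))
        if o.get("-p") != "tcp" or not ports <= ALLOWED_PORTS:
            findings.append((no, "not limited to tcp ports 80 and 443"))
        if o.get("--ctstate") != "NEW":
            findings.append((no, "not limited to NEW connections"))
    return findings

# Constructed `iptables -S FORWARD` output; 172.16.1.10 stands in for XXX in the thread.
BAD = """
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -d 172.16.1.10/32 -j ACCEPT
"""
if __name__ == "__main__":
    for no, msg in audit_proxy_rules(BAD, "172.16.1.10"):
        print(f"line {no}: {msg}")
```

Feed it the saved output of `iptables -S` from the firewall; negated matches (`!`) are not handled by this simplified parser.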