05-21-2006, 05:17 PM
|
#1
|
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Rep:
|
iptables redirecting
Hello!
I am trying to redirect by:
iptables -t nat -A PREROUTING -p tcp -dport 80 REDIRECT --to-ports 8080
and
echo 1 > ip_forward
But nothing seems to change. I can still surf the net even though I have no proxy loaded at 8080. tcpdump does not change its output.
Any help will be great!
Murdock
|
|
|
05-21-2006, 06:39 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by Murdock1979
Hello!
I am trying to redirect by:
iptables -t nat -A PREROUTING -p tcp -dport 80 REDIRECT --to-ports 8080
and
echo 1 > ip_forward
But nothing seems to change. I can still surf the net even though I have no proxy loaded at 8080. tcpdump does not change its output.
Any help will be great!
Murdock
|
you have many typos/errors in your syntax... try like this:
Code:
iptables -F -t nat
iptables -X -t nat
iptables -t nat -A PREROUTING -p TCP -i $LAN_IFACE \
--dport 80 -j REDIRECT --to-ports 8080
echo "1" > /proc/sys/net/ipv4/ip_forward
make sure you replace $LAN_IFACE with your actual LAN interface name...
Last edited by win32sux; 05-21-2006 at 06:40 PM.
|
|
|
05-22-2006, 01:18 AM
|
#3
|
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Original Poster
Rep:
|
Thanks,
I made the changes and iptables -L displays the rule. However, it still doesn't seem to be making any difference.
Murdock
|
|
|
05-22-2006, 04:13 AM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
you're not trying this on the local machine are you??
post this: something's not right... the rule should indeed redirect all outgoing HTTP packets to the firewall... and in fact it does, at least on my boxes...
|
|
|
05-22-2006, 04:27 AM
|
#5
|
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Original Poster
Rep:
|
yes, this is for a local machine.
I'll get you the output later. I am not at the computer right now. However, I tried it both on Knoppix and VectorLinux and both don't seem to work.
I set up tinyproxy at port 8080 and the logs never mention any connections. It only initializes, but that is it.
UPDATE: I revised the iptables to use the OUTPUT chain in nat. Now the tinyproxy establishes a connection. However, the browser hangs and does not load the web page. What do I need to do?
Also, I am behind a NAT router, so do you think that makes a difference?
Thanks,
Murdock
Last edited by Murdock1979; 05-22-2006 at 05:41 AM.
|
|
|
05-22-2006, 06:18 PM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
you really should be doing this at your NAT router, not locally... i kinda suspected you were doing this locally, which is why i asked... the rule i posted would only work on the router...
let me know if you get it to work on the local machine, cuz i've never done it like that, but it sounds kinda interesting...
|
|
|
05-22-2006, 06:31 PM
|
#7
|
Member
Registered: Oct 2003
Distribution: Slackware Debian VectorLinux
Posts: 429
Original Poster
Rep:
|
The family that I am setting up the internet filter for has only one computer, so I am trying to combine the proxy with the client. However, setting up rules to reject non-proxy requests on port 80 seems like an impossibility, because they are identical to the proxy's requests.
I think I got it:
In the nat OUTPUT chain:
Code:
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            OWNER UID match root tcp dpt:http
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 8080
Root is the current user that the tinyproxy is set up as and can probably be changed.
Thanks again for all your help,
Murdock
Last edited by Murdock1979; 05-22-2006 at 06:47 PM.
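The single-host setup this thread arrives at, as an added example that is not part of the original posts: locally generated packets traverse the nat OUTPUT chain rather than PREROUTING, and the owner-match exemption has to come before the REDIRECT or the proxy's own requests loop back to it. Assumptions: a dedicated proxy account named `tinyproxy` (hypothetical; the thread runs the proxy as root, which exempts every root process from the filter), an `IPT` variable that defaults to a dry run, and constructed sample listings.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"
PROXY_USER="${PROXY_USER:-tinyproxy}"   # assumed dedicated proxy account
PROXY_PORT="${PROXY_PORT:-8080}"

# Append the two nat/OUTPUT rules; order matters.
install_rules() {
    # 1. Let the proxy's own outbound HTTP through, or it is redirected to itself.
    $IPT -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner "$1" -j ACCEPT
    # 2. Send every other local connection to port 80 to the proxy port.
    $IPT -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports "$2"
}

# Read a listing in `iptables -t nat -S OUTPUT` format on stdin; succeed only if
# a port-80 owner exemption appears before the port-80 REDIRECT.
check_order() {
    awk '
        /--dport 80( |$)/ && /--uid-owner/ && /-j ACCEPT/ { if (!redir) exempt = 1 }
        /--dport 80( |$)/ && /-j REDIRECT/                { redir = 1 }
        END { if (redir && exempt) exit 0; exit 1 }
    '
}

# Constructed sample listings (not captured from a real machine).
GOOD_LISTING='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Same rules in the wrong order: the proxy's traffic hits the REDIRECT first.
BAD_LISTING='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 1001 -j ACCEPT'

install_rules "$PROXY_USER" "$PROXY_PORT"
```

After applying the rules for real, `iptables -t nat -S OUTPUT | check_order` confirms the exemption still precedes the redirect.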
|
|
|