iptables redirection
Hi,
I am new to iptables, so if this question sounds bizarre, please forgive me. We have two Squid proxy servers running in "non-transparent mode" (172.16.0.1 and 172.16.0.2). Currently users have to configure the proxy server they want to use by configuring them in their browsers. Recently I saw an example for redirecting web traffic to a single transparent proxy server:

-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128

Can anyone modify this rule to accommodate my current setup of two proxy servers running in non-transparent mode, i.e. redirect web traffic to the 172.16.0.1-172.16.0.2 IP range? Thanks in advance for the help.
What kind of OS is on the users' computers?
Quote:
# Generated by iptables-save v1.2.8 on Tue Jan 31 20:19:08 2006
*filter
:INPUT DROP [98:9891]
:FORWARD ACCEPT [62452:12516145]
:OUTPUT ACCEPT [28235:10386076]
:LOGDROP - [0:0]
-A LOGDROP -j LOG
-A LOGDROP -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 1812 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 1813 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 1814 -j ACCEPT
-A INPUT -i eth1 -j LOGDROP
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3990 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j LOGDROP
-A FORWARD -i eth0 -j LOGDROP
-A FORWARD -o eth0 -j LOGDROP
COMMIT
# Completed on Tue Jan 31 20:19:08 2006
# Generated by iptables-save v1.2.8 on Tue Jan 31 20:19:08 2006
*nat
:PREROUTING ACCEPT [4569:305698]
:POSTROUTING ACCEPT [415:33518]
:OUTPUT ACCEPT [634:47605]
-A PREROUTING -d ! 192.168.1.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Transparent proxy do not work on https
#-A PREROUTING -d ! 192.168.1.1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
# SSH
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 22 -j MASQUERADE
# Direct access to JCT squid
-A POSTROUTING -d 147.161.1.25 -o eth1 -p tcp -m tcp --dport 3128 -j MASQUERADE
# DNS
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 53 -j MASQUERADE
-A POSTROUTING -o eth1 -p udp -m udp --dport 53 -j MASQUERADE
# POP IMAP
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 993 -j MASQUERADE
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 995 -j MASQUERADE
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 110 -j MASQUERADE
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 143 -j MASQUERADE
# SMTP
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 25 -j MASQUERADE
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 587 -j MASQUERADE
# https
-A POSTROUTING -o eth1 -p tcp -m tcp --dport 443 -j MASQUERADE
COMMIT
# Completed on Tue Jan 31 20:19:08 2006
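The REDIRECT rule in the original question and in the quoted dump only works when Squid runs on the firewall itself; sending intercepted traffic to proxies on other hosts needs DNAT instead. The script below is an added example, not posted by anyone in this thread, that prints the nat-table rules for spreading port-80 connections across two (or more) remote Squid boxes. Everything it assumes is labelled: the gateway's LAN interface is eth0, the LAN is 192.168.1.0/24, the proxies listen on 3128, the proxies sit on a separate segment reached through the gateway (so reply traffic passes back through conntrack), and both Squids are switched from plain non-transparent mode to accepting intercepted connections, since a non-transparent Squid cannot serve DNATed requests. Port 443 is deliberately left untouched, for the same reason the quoted ruleset comments its 443 rule out.

```shell
#!/bin/sh
# Added example: generate (not apply) DNAT rules that share LAN web traffic
# between several Squid proxies. Review the output, then run it as root with
#   sh proxy_rules.sh 172.16.0.1 172.16.0.2 | sh
# Assumed values (change to match your network):
LAN_IF="${LAN_IF:-eth0}"              # assumption: interface facing the users
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumption: the users' subnet
PROXY_PORT="${PROXY_PORT:-3128}"      # Squid's listening port, as in the thread

# proxy_rules PROXY_IP... : print one iptables command per line.
proxy_rules() {
    n=$#

    # Belt and braces: never intercept the proxies' own outbound fetches,
    # otherwise a proxy's request to the origin server loops back into a proxy.
    for p in "$@"; do
        printf 'iptables -t nat -A PREROUTING -s %s -p tcp --dport 80 -j RETURN\n' "$p"
    done

    # Each rule only sees the connections the rules above it did not take,
    # so rule k of n must claim 1 in (n-k) of what reaches it, and the last
    # rule takes everything that is left. (The statistic match counts
    # packets, but the nat PREROUTING chain only sees the first packet of
    # each connection, so this splits whole connections, not packets.)
    k=0
    for p in "$@"; do
        every=$((n - k))
        if [ "$every" -gt 1 ]; then
            match="-m statistic --mode nth --every $every --packet 0"
        else
            match=""
        fi
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport 80 %s-j DNAT --to-destination %s:%s\n' \
            "$LAN_IF" "$LAN_NET" "${match:+$match }" "$p" "$PROXY_PORT"
        k=$((k + 1))
    done
    # No rule for port 443: intercepting TLS breaks the handshake.
}

# Stand-alone use: proxies from the command line, or the two from the thread.
if [ "$#" -gt 0 ]; then
    proxy_rules "$@"
else
    proxy_rules 172.16.0.1 172.16.0.2
fi
```

With two proxies the output is one RETURN rule per proxy, a `--every 2 --packet 0` DNAT rule for 172.16.0.1 and an unconditional DNAT rule for 172.16.0.2; a third proxy adds an `--every 3` rule in front. Because the DNAT happens before routing, the users' browsers need no proxy settings at all, but the gateway's FORWARD chain must still allow traffic to the proxy addresses on port 3128, and the proxies must see the clients' addresses (or be told the gateway's) if their access lists are written per client.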