LinuxQuestions.org forum: Linux - Networking
Hello forums,
I have the following question:
I've tried to make an iptables script with such rules (this is just a simple example for 2 clients):
user from ip 192.168.0.44 will connect through gateway
user from ip 192.168.0.149 will connect through proxy (192.168.0.2)
#through gateway
iptables -t nat -A POSTROUTING -s 192.168.0.44 -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i eth0 -s 192.168.0.44
# replies to connections that were already forwarded
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#ssh
iptables -A INPUT -j ACCEPT -p tcp --dport 22
# enable IPv4 forwarding on the gateway
echo 1 > /proc/sys/net/ipv4/ip_forward
But the problem is that they both are pushed through the proxy.
I'm not an iptables guru, and as far as I can figure out, there's a problem
with "iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.0.2 -p tcp --dport 80 -j DNAT --to 192.168.0.2:8080"
but I cannot find any solution.
Thank you for your ideas.
I'm confused. Can you explain your network? I need to know your network configuration (especially subnets) to suggest some iptables rules.
By the way, why don't you run the proxy on the gateway box?
OK, my network looks like this:
1)linux gateway 192.168.0.1
2) FreeBSD proxy server 192.168.0.2
I want all users from network 192.168.0.0/24 to be filtered by the proxy (just the http port), but there is one client (let's say 192.168.0.30) that I do not want to be filtered: its http requests must be routed through the gateway, not the proxy.
The proxy server runs on a different box because the gateway is an old 486 box, and I needed content filtering, so the proxy server is more powerful.
Sorry, I think the trouble is the PREROUTING rule that I suggested to you. I made a mistake,
because it doesn't let your proxy server connect to external servers via http. It redirects back to the proxy, so it doesn't work.
Can you configure the proxy server to let your IP reach http without filters? Because I don't know how to create a PREROUTING rule that can do that. I can use only one "!", so I cannot define the opposite of two IPs in one PREROUTING rule.
By the way: all clients will be able to reach the http port through the proxy. All other connections will be blocked by the gateway. Only your IP can reach the internet via all ports. If you want to allow a client to connect to a specific port, add a FORWARD rule like this:
iptables -A FORWARD -i eth0 -s $ip_of_that_client -p $protocol --dport $dport_no -j ACCEPT
The main problem is one client which uses some old software that works with the HTTP/1.0 protocol; as far as I realised on my configuration,
only HTTP/1.1 requests are served correctly. So there's a problem.
If I could get HTTP/1.0 requests handled correctly, I could pass the entire subnet via the proxy, without thinking of a workaround with iptables rules.
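Pulling the thread together, here is an added example (not the poster's script and not the replier's suggested rule) of a rule set for the topology described above: Linux gateway 192.168.0.1 with the LAN on eth0, FreeBSD proxy 192.168.0.2 listening on 8080, and one client 192.168.0.30 that must bypass the proxy. Instead of trying to negate two addresses in one rule, every exempt host (the proxy itself included) gets its own RETURN rule in nat/PREROUTING ahead of the DNAT rule; the first match wins, so those hosts never reach the redirect. The WAN interface name eth1, the variable names and the dry-run helper are assumptions for this example; the script prints the commands by default and only applies them with DRY_RUN=0.

```shell
#!/bin/sh
# Added example for the thread's topology. Assumed: LAN on eth0, WAN on eth1,
# proxy 192.168.0.2:8080, bypass client 192.168.0.30. Not from the original post.

LAN_IF=${LAN_IF:-eth0}                 # LAN side of the gateway
WAN_IF=${WAN_IF:-eth1}                 # Internet side (assumed interface name)
LAN_NET=${LAN_NET:-192.168.0.0/24}
PROXY=${PROXY:-192.168.0.2}
PROXY_PORT=${PROXY_PORT:-8080}
BYPASS=${BYPASS:-192.168.0.30}         # space-separated hosts that skip the proxy

# DRY_RUN=1 (default) prints each command instead of running it, so the rule
# set can be reviewed or tested on a box without iptables; DRY_RUN=0 applies it.
DRY_RUN=${DRY_RUN:-1}
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

proxy_rules() {
    # --- nat table ---------------------------------------------------------
    # The proxy must never be redirected, otherwise its own outbound HTTP
    # loops back to port 8080 (the fault the replier found in the "!" rule).
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$PROXY" -p tcp --dport 80 -j RETURN
    for h in $BYPASS; do
        ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$h" -p tcp --dport 80 -j RETURN
    done
    # Everyone else on the LAN: rewrite the destination to the proxy.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY:$PROXY_PORT"
    # The redirected flow leaves on the same LAN interface it arrived on.
    # Without SNAT the proxy would answer the client directly; the client would
    # see a SYN-ACK from 192.168.0.2:8080 instead of the site it contacted and
    # reset the connection. Masquerading the hairpin keeps the gateway in path.
    ipt -t nat -A POSTROUTING -o "$LAN_IF" -d "$PROXY" -p tcp --dport "$PROXY_PORT" -j MASQUERADE
    # Ordinary outbound traffic is masqueraded behind the gateway's WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # --- filter table ------------------------------------------------------
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -s "$PROXY" -o "$WAN_IF" -j ACCEPT     # proxy fetches pages
    for h in $BYPASS; do
        ipt -A FORWARD -i "$LAN_IF" -s "$h" -o "$WAN_IF" -j ACCEPT     # bypass host, all ports
    done
    # Redirected HTTP: LAN -> proxy, in and out on the same interface.
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" -d "$PROXY" \
        -p tcp --dport "$PROXY_PORT" -j ACCEPT
}

# Self-check helpers: in nat/PREROUTING the first match wins, so every RETURN
# must be listed before the DNAT rule. rule_index prints the 1-based position
# of the first generated command matching a pattern.
rule_index() { proxy_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1; }
exemptions_precede_dnat() {
    dnat=$(rule_index 'DNAT')
    for h in $PROXY $BYPASS; do
        [ "$(rule_index "-s $h -p tcp --dport 80 -j RETURN")" -lt "$dnat" ] || return 1
    done
}

proxy_rules   # prints (or, with DRY_RUN=0, applies) the rule set
```

Two caveats a practitioner would want alongside this. First, the hairpin MASQUERADE means the proxy sees every redirected connection as coming from the gateway, so per-client logging or ACLs on the proxy stop working; the alternative is to leave that rule out and instead make the FreeBSD box route its replies to LAN clients back through the gateway. Second, the HTTP/1.0 problem the poster describes is what a DNAT-based transparent proxy on a separate box is expected to show: after the rewrite the proxy only sees a connection to its own port 8080, the original destination address is gone, and the proxy can recover the target host only from the Host header, which HTTP/1.1 requires and HTTP/1.0 clients need not send. Also note that newer iptables releases expect the negation before the option (`! -s 192.168.0.2`) rather than the older `-s ! 192.168.0.2` form quoted earlier in the thread.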
So Linux and FreeBSD are both visible from the clients?
I mean, is Linux between FreeBSD and the LAN, or can everyone "see" everyone?
If that is the case, why don't you set the FreeBSD machine as the GW on the .30 client?