transparent proxy
 

Hello all. I want to port forward all connections going OUT on 80 to 3128 on another box. My gw is 192.168.1.1 with the firewall rules. I'm still using ipchains and ipmasqadm (iptables gave me hell when I tried to do ANY port forwarding =(
My proxy server is .1.2

Here is what I have right now. I have tried several things - but nothing has seemed to work:

# Port forward web traffic through the proxy server
ipchains -A input -p tcp -s 192.168.1.0/24 80 -d 0.0.0.0/32 80 -m 1
ipmasqadm mfw -A -m 1 -r 192.168.1.2 -p 3128

I tried this as well:
ipchains -A input -p tcp -s 192.168.1.0/24 80 -m 1
ipmasqadm mfw -A -m 1 -r 192.168.1.2 -p 3128

and this:
ipmasqadm portfw -a -P tcp -L 192.168.1.1 80 -R 192.168.1.2 3128
(i figured MAYBE since the packets were coming in from the inside interface that it might forward to the proxy server)

Any advice would be appreciated. Thanks again!

hello

port forwarding is much easier with iptables. the commands for it are for example

iptables -t nat -A PREROUTING -d dest_ip -p tcp --dport dest_port -j DNAT

the most important here as you might see, is the target speciefied by the -j switch which tells iptables to DESTINATION-NAT to some port.

hope this works.

if you need assistance in setting up a iptables firewall, an you understand german, you might visit

raven.eplay.ch

i wrote a pretty fine tutorial about how to set up an iptables firewall.

cya