Ok, I'm (still) trying to make an internal LAN talk to an external proxy..
lan <-> Linuxrouter <-> proxy -> inet
The proxy works transparently.
The Linux router can trace and ping the outside world (inet).
Here is my iptables script for the Linux router:
192.168.2.19 = proxy
192.168.2.8 = eth0 Linux router [external-net]
192.168.1.10 = eth1 Linux router [internal-net]
192.168.1.0/24 = lan
-------------------------------------------
#!/bin/sh
echo "flushing.."
iptables -F
iptables -t nat -F
echo "default -> accept"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo "forward"
# note the space before ">": "echo 1>" redirects stdout to the file and writes an empty line,
# so forwarding was never switched on
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
###iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "redirect"
# LAN packets arrive on eth1, so the redirect must match -i eth1 (not eth0);
# the "!" goes in front of the option on current iptables
iptables -t nat -A PREROUTING -i eth1 ! -s 192.168.2.19 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.19:8080
# rewrite the source to the router's external address so the proxy's replies come back via this router
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 192.168.2.19 -j SNAT --to-source 192.168.2.8
# explicitly allow the redirected LAN -> proxy:8080 traffic through the FORWARD chain
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.2.19 -i eth1 -o eth0 -p tcp --dport 8080 -j ACCEPT
-------------------------------------------
These rules give nothing: no trace or ping to the proxy/inet.
The idea is to send all HTTP/inet requests to the proxy server,
and no traffic goes outside...
So I need 0.0.0.0 port 80 requests redirected to the proxy port 8080.
The last 3 lines are copied from
http://tldp.org/HOWTO/TransparentProxy-6.html
What goes wrong with this script..??
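An added example, not from the post or the TLDP HOWTO: a toy model of how a LAN packet walks the router's nat PREROUTING -> FORWARD -> nat POSTROUTING chains, to show why the DNAT rule only fires when it matches the interface the LAN packet actually arrives on (eth1). It is a deliberate simplification (no conntrack, no reply path); the sample packet and the 203.0.113.7 destination are constructed.

```python
# Constructed model of netfilter chain traversal for the setup in the post
# (assumption: simplified, no connection tracking, stateless per-packet view).
from dataclasses import dataclass, replace

PROXY, ROUTER_EXT, LAN_PREFIX = "192.168.2.19", "192.168.2.8", "192.168.1."

@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str
    dport: int

def route(p):
    """Egress interface: LAN prefix goes out eth1, everything else out eth0."""
    return "eth1" if p.dst.startswith(LAN_PREFIX) else "eth0"

def prerouting(p, dnat_iface):
    """nat PREROUTING: tcp/80 arriving on dnat_iface, not from the proxy, goes to proxy:8080."""
    if p.in_iface == dnat_iface and p.src != PROXY and p.proto == "tcp" and p.dport == 80:
        return replace(p, dst=PROXY, dport=8080)
    return p

def forward(p, out_iface):
    """filter FORWARD: the explicit LAN -> proxy:8080 rule (policy ACCEPT would pass the rest)."""
    return (p.in_iface == "eth1" and out_iface == "eth0"
            and p.src.startswith(LAN_PREFIX) and p.dst == PROXY and p.dport == 8080)

def postrouting(p, out_iface):
    """nat POSTROUTING: LAN -> proxy leaves eth0 with the router's external address as source."""
    if out_iface == "eth0" and p.src.startswith(LAN_PREFIX) and p.dst == PROXY:
        return replace(p, src=ROUTER_EXT)
    return p

def traverse(p, dnat_iface):
    """Return (packet after all three chains, True if it was steered to proxy:8080)."""
    p = prerouting(p, dnat_iface)
    out = route(p)
    matched_rule = forward(p, out)
    p = postrouting(p, out)
    return p, matched_rule and p.dst == PROXY and p.dport == 8080

# Constructed sample: a LAN host opening an HTTP connection to an internet address.
LAN_HTTP = Packet(in_iface="eth1", src="192.168.1.50", dst="203.0.113.7", proto="tcp", dport=80)

if __name__ == "__main__":
    for iface in ("eth0", "eth1"):
        print(f"DNAT rule with -i {iface}:", traverse(LAN_HTTP, iface))
```

With `-i eth0` (as in the script) the LAN packet never matches the DNAT rule and leaves untouched toward the internet; with `-i eth1` it is rewritten to 192.168.2.8 -> 192.168.2.19:8080.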