I don't think this will work.
$IPTABLES -A INPUT -i eth1 -p tcp --sport 80 --dport 8080 -j ACCEPT
I'm just starting with IPtables, and correct me if I'm wrong, but I think what this line does is change source port 80 to destination port 8080. What I need to do is redirect destination port 80 to destination port 8080 on the local box, which is a proxy.
I guess I didn't explain myself enough in my initial email. My eth0 is connected to the internet with a static public IP, 188.8.131.52. Eth1 connects to a group of users and has another static public IP (different subnet), 184.108.40.206; no NAT is required. For these users the proxy needs to work in transparent mode. I found an IPtables entry for that purpose:
"The REDIRECT target is used to redirect packets and streams to the machine itself. This means that we could for example REDIRECT all packets destined for the HTTP ports to an HTTP proxy like squid, on our own host. Locally generated packets are mapped to the 127.0.0.1 address. In other words, this rewrites the destination address to our own host for packets that are forwarded, or something alike. The REDIRECT target is extremely good to use when we want, for example, transparent proxying, where the LAN hosts do not know about the proxy at all.
Note that the REDIRECT target is only valid within the PREROUTING and OUTPUT chains of the nat table. It is also valid within user-defined chains that are only called from those chains, and nowhere else. The REDIRECT target takes only one option, as described below."
My problem with this is that it seems to use NAT (or am I wrong?). And I don't want this traffic to be NATted.
The 2nd thing I want is that users connected on eth2 will be sNATted to eth0. eth0 has a private static IP, 192.168.1.1/24. These users will use the proxy by using the proxy settings in their web browser to use port 8080. So I don't need to use the transparent setting as described earlier.
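
The REDIRECT setup from the quoted documentation and the source NAT for the eth2 clients, as an added example that is not part of the original post. It is a dry run that only prints the iptables commands; the interfaces and ports are the ones named in the post, while the function names and the addresses passed to `snat_rule` are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the thread). Dry run: the functions print iptables
# commands instead of executing them, so no root is needed to review them.
IPTABLES="${IPTABLES:-iptables}"

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_if() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Transparent proxy for clients behind interface $1: web traffic to port $2
# is redirected to local port $3.
transparent_proxy_rules() {
    valid_if "$1" && valid_port "$2" && valid_port "$3" || return 1
    # REDIRECT lives in the nat table (PREROUTING/OUTPUT only). It rewrites
    # the destination to this host; the client's source address is untouched.
    echo "$IPTABLES -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
    # nat/PREROUTING runs before filter/INPUT, so INPUT sees the rewritten
    # port and must accept $3, not $2.
    echo "$IPTABLES -A INPUT -i $1 -p tcp --dport $3 -j ACCEPT"
}

# Source NAT for clients in network $1 leaving through interface $2,
# rewritten to address $3.
snat_rule() {
    valid_if "$2" || return 1
    echo "$IPTABLES -t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

# Interfaces and ports are the ones named in the post; the addresses are
# constructed placeholders from the documentation ranges.
transparent_proxy_rules eth1 80 8080
snat_rule 192.0.2.0/24 eth0 198.51.100.1
```

The INPUT rule also admits clients that connect to port 8080 on eth1 directly, which is what browsers with an explicit proxy setting do.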