01-31-2011, 11:46 AM
Jobst Schmalenbach

redirecting traffic using iptables

Hi.

I have two internet connections, the ADSL2+ is very
very cheap (but fast 10mb) and I want to use the SHDSL (2mb)
only for mail, ssh, http OUT and the ADSL2+ only for
surfing.

It all works fine if people specify the proxy in the
browser, but in cases like Flash it is of no use.

Further, if I can make the 80/443 traffic go through
the proxy only, it's an added bonus. If this can be
done, fine. But I want all 80/443 traffic to go through host2.

     SHDSL      ADSL2+
    ------     -------
    host 1      host2
                SQUID
    ------     -------
       |          |
      ------------
         host3
      ------------
           |
          eth1

On host 3 I have been trying to do this with iptables, but I am stuck.
I tried to utilise squid too, does not work.

tried:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128

The browser tells me "invalid request".

All I want is to redirect all traffic through host2 if ports 443 and 80
are encountered, that's all. If it goes through the proxy it is an
added bonus, but not required.


Any ideas, anyone?



Jobst


--
'Two things are infinite: the universe and human stupidity, and I'm not sure about the first one. - Albert Einstein

| |0| | Jobst Schmalenbach, jobst@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
01-31-2011, 11:49 AM
Giles Coochey

redirecting traffic using iptables


Read the transparent proxy howto... you may need to do SNAT as well as DNAT.
http://tldp.org/HOWTO/TransparentProxy-6.html

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles@coochey.net
Skype: gilescoochey



 
01-31-2011, 01:58 PM
Robert Spangler

redirecting traffic using iptables

On Monday 31 January 2011 07:46, Jobst Schmalenbach wrote:

> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
>
> browser tell me "invalid request".

From the man pages:

DNAT
--to-destination ipaddr[-ipaddr][:port-port]


You could combine these two rules into one with multiport.
Check the man pages.


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
 
02-24-2011, 06:45 AM
Jobst Schmalenbach

redirecting traffic using iptables

You are correct, I used section 6.1.
It's working now.

Thanks





On Mon, Jan 31, 2011 at 01:49:08PM +0100, Giles Coochey (giles@coochey.net) wrote:
> Read the transparent proxy howto... you may need to do SNAT as well as DNAT.
> http://tldp.org/HOWTO/TransparentProxy-6.html

--
Time flies like the wind. Fruit flies like a banana.

| |0| | Jobst Schmalenbach, jobst@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
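
The DNAT-plus-SNAT arrangement that resolved this thread, written out for host3 as an added example; it is not code from any poster or from the HOWTO. The addresses, mark 2 and table 200 are constructed, and it assumes host3 can reach host2 directly. It goes one step past the thread by policy-routing port 443 via host2 instead of DNATing it to Squid, because a TLS handshake is not an HTTP request that Squid's HTTP port can parse.

```shell
#!/bin/sh
# Added example; not from the thread. Every address here is constructed.
# Assumes Squid on host2 accepts intercepted requests (for example
# "http_port 3128 transparent" on Squid 2.6); a plain forward-proxy port
# rejects the origin-form requests that DNAT delivers to it.

# proxy_rules LAN_IF LAN_NET HOST3_IP PROXY_IP
# Prints the rule set for host3 so it can be reviewed before being applied.
proxy_rules() {
    lan_if=$1 lan_net=$2 host3=$3 proxy=$4
    cat <<EOF
# Port 80: send to Squid, skipping the proxy's own traffic to avoid a loop.
iptables -t nat -A PREROUTING -i ${lan_if} ! -s ${proxy} -p tcp --dport 80 -j DNAT --to-destination ${proxy}:3128
# SNAT to host3 so Squid replies via host3, where the DNAT is undone.
iptables -t nat -A POSTROUTING -s ${lan_net} -d ${proxy} -p tcp --dport 3128 -j SNAT --to-source ${host3}
iptables -A FORWARD -s ${lan_net} -d ${proxy} -p tcp --dport 3128 -j ACCEPT
# Port 443: not DNATed to Squid; marked and routed with host2 as gateway.
# Mark 2 and table 200 are arbitrary values chosen for this example.
iptables -t mangle -A PREROUTING -i ${lan_if} -p tcp --dport 443 -j MARK --set-mark 2
ip rule add fwmark 2 table 200
ip route add default via ${proxy} table 200
EOF
}

# Dry run with constructed addresses; pipe the output to "sh" as root to apply.
proxy_rules eth1 192.168.1.0/24 10.0.0.1 10.0.0.2
```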