* Redirection question.
From: Hernán Mailluquet @ 2003-03-11 15:04 UTC (permalink / raw)
  To: netfilter

Hi, I am doing transparent proxying with squid and this port redirect rule:

iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -j REDIRECT --to-port 8080

and it works fine. Now, I don't want to redirect some requests to destination addresses like 192.168.0.0/24 and 192.168.1.0/24 (for example). How can I do this?

Thanks.

* Re: Redirection question.
From: Jesper Lund @ 2003-03-11 15:20 UTC (permalink / raw)
  To: hernan; +Cc: netfilter

> Hi, I am doing transparent proxying with squid and this port redirect
> rule:
>
> iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -j REDIRECT --to-port 8080
>
> and it works fine. Now, I don't want to redirect some requests to destination
> addresses like 192.168.0.0/24 and 192.168.1.0/24 (for example). How can I do
> this?

You could make some ACCEPT'ing rules before you REDIRECT:

iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -d 192.168.0.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p TCP --dport 80 -d 192.168.1.0/24 -j ACCEPT

Regards, Jesper
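
Rule order decides whether the exemptions above take effect: the nat PREROUTING chain is evaluated top to bottom and the first matching rule wins. The check below is an added example, not code from the thread; it reads text in `iptables -t nat -S PREROUTING` format (constructed samples inline) and reports networks that have no ACCEPT rule ahead of the port-80 REDIRECT. The function name `unexempted` and the simplified matching are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Checks rule order in text shaped like
# `iptables -t nat -S PREROUTING` output. Simplification: only --dport 80,
# -d and -j are inspected; -i and negated matches are ignored.

# Print each network in $2 (space-separated) that has no ACCEPT rule
# ahead of the first port-80 REDIRECT in ruleset text $1.
unexempted() {
    printf '%s\n' "$1" | awk -v want="$2" '
        function opt(name,   i) {      # value that follows option "name"
            for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "PREROUTING" && opt("--dport") == "80" {
            if (opt("-j") == "REDIRECT") exit   # later rules cannot exempt
            if (opt("-j") == "ACCEPT") ok[opt("-d")] = 1
        }
        END {
            n = split(want, w, " ")
            for (k = 1; k <= n; k++) if (!(w[k] in ok)) print w[k]
        }'
}

NETS="192.168.0.0/24 192.168.1.0/24"

# Constructed sample: exemptions loaded before the REDIRECT rule.
GOOD='-P PREROUTING ACCEPT
-A PREROUTING -d 192.168.0.0/24 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -d 192.168.1.0/24 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Constructed sample: the ACCEPT rules were appended with -A while the
# REDIRECT rule was already loaded, so they sit below it.
BAD='-P PREROUTING ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -d 192.168.0.0/24 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -d 192.168.1.0/24 -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT'

echo "good ruleset, still redirected: $(unexempted "$GOOD" "$NETS" | tr '\n' ' ')"
echo "bad ruleset, still redirected:  $(unexempted "$BAD" "$NETS" | tr '\n' ' ')"
```

On a running firewall, `iptables -t nat -I PREROUTING 1 ...` inserts an exemption at the top of the chain instead of appending it below the existing REDIRECT.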




* Redirection question
From: Sasa Stupar @ 2004-12-20 17:02 UTC (permalink / raw)
  To: netfilter

Hi!

I have installed a mail server on my LAN. Now I would like to redirect all
LAN users to use that mail server as smtp (similar to a transparent proxy
with squid). How do I do that smtp redirection?
I was thinking something like:
-------------
iptables -t nat -A PREROUTING -i eth0 -s ! smtp-box -p tcp --dport 25 -j DNAT --to smtp-box:25
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d smtp-box -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d smtp-box -i eth0 -o eth0 -p tcp --dport 25 -j ACCEPT
--------------
Is this correct?

Regards,
Sasa


* Re: Redirection question
From: Sasa Stupar @ 2004-12-20 17:05 UTC (permalink / raw)
  To: netfilter

Sasa Stupar wrote:

> Hi!
> 
> I have installed a mail server on my LAN. Now I would like to redirect all
> LAN users to use that mail server as smtp (similar to a transparent proxy
> with squid). How do I do that smtp redirection?
> I was thinking something like:
> -------------
> iptables -t nat -A PREROUTING -i eth0 -s ! smtp-box -p tcp --dport 25 -j DNAT --to smtp-box:25
> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d smtp-box -j SNAT --to iptables-box
> iptables -A FORWARD -s local-network -d smtp-box -i eth0 -o eth0 -p tcp --dport 25 -j ACCEPT
> --------------
> Is this correct?
> 
> Regards,
> Sasa
> 

I forgot some more info:
running on FC3 with sendmail. This is also a router with 2 NICs
installed: one for internet and one for LAN.

Sasa






* Re: Redirection question
From: Sasa Stupar @ 2004-12-20 21:33 UTC (permalink / raw)
  To: Netfilter ML

Sasa Stupar wrote:

> Sasa Stupar wrote:
> 
>> Hi!
>>
>> I have installed a mail server on my LAN. Now I would like to redirect
>> all LAN users to use that mail server as smtp (similar to a transparent
>> proxy with squid). How do I do that smtp redirection?
>> I was thinking something like:
>> -------------
>> iptables -t nat -A PREROUTING -i eth0 -s ! smtp-box -p tcp --dport 25 -j DNAT --to smtp-box:25
>> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d smtp-box -j SNAT --to iptables-box
>> iptables -A FORWARD -s local-network -d smtp-box -i eth0 -o eth0 -p tcp --dport 25 -j ACCEPT
>> --------------
>> Is this correct?
>>
>> Regards,
>> Sasa
>>
> 
> I forgot some more info:
> running on FC3 with sendmail. This is also a router with 2 NICs
> installed: one for internet and one for LAN.
> 
> Sasa

Solved. It is working as I have mentioned above.

Sasa



* RE: Redirection question
From: Hudson Delbert J Contr 61 CS/SCBN @ 2004-12-20 22:47 UTC (permalink / raw)
  To: Sasa Stupar, Netfilter ML

i guess i need to ask what role you play in the lan admin?

i think it might be easier to modify mx type pointer mechanisms on the clients
instead of having the fw do all these wasteful redirs. they are wasteful
because you know where you want the mail traffic to go - this isn't clever.
it's a way to perform this task but it's not very elegant and doesn't scale for
maintenance.

out...


* RE: Redirection question
From: Sasa Stupar @ 2004-12-21  7:52 UTC (permalink / raw)
  To: Netfilter-List

I did that because of one reason - viruses/worms sending from an infected
computer by using the mail server settings in the client's Outlook. But
clients also have some other accounts and not only local ones, so I get
complaints from my ISP and others that I am sending spam with viruses.
This way I redirect all smtp traffic to my server, which requires client
authentication. And if some worms/viruses have their own smtp server,
they are also redirected to my internal mail server, which will block
the unauthorized relay attempt.

Sasa

On Mon, 20.12.2004 at 23:47, Hudson Delbert J Contr 61 CS/SCBN
wrote:
> i guess i need to ask what role you play in the lan admin?
> 
> i think it might be easier to modify mx type pointer mechanisms on the clients
> instead of having the fw do all these wasteful redirs. they are wasteful
> because you know where you want the mail traffic to go - this isn't clever.
> it's a way to perform this task but it's not very elegant and doesn't scale for
> maintenance.
> 
> out...
> 
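
The redirection described in this thread also shows which LAN hosts are trying to deliver mail directly. The script below is an added example, not part of the thread: it assumes a LOG rule with the hypothetical prefix "SMTP-REDIR: " sits ahead of the DNAT rule, and it lists clients that tried at least a given number of distinct outside mail servers. The log lines are constructed and abbreviated, and the threshold is an assumption to tune locally.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed logging rule (hypothetical prefix):
#   iptables -t nat -I PREROUTING 1 <same match as the DNAT rule> \
#            -j LOG --log-prefix "SMTP-REDIR: "
# The nat table sees only the first packet of a connection, so each
# log line corresponds to one redirected SMTP connection attempt.

# Print "client distinct_destinations connections" for every client in log
# text $1 that tried at least $2 distinct destination addresses on port 25.
smtp_suspects() {
    printf '%s\n' "$1" | awk -v min="$2" '
        /SMTP-REDIR: / && /DPT=25 / {
            src = dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (src == "" || dst == "") next
            conns[src]++
            if (!((src, dst) in seen)) { seen[src, dst] = 1; dsts[src]++ }
        }
        END {
            for (s in dsts) if (dsts[s] >= min) print s, dsts[s], conns[s]
        }' | sort
}

# Constructed sample in the kernel LOG target layout (fields abbreviated).
SAMPLE_LOG='Dec 21 08:01:02 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.23 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=1042 DPT=25 SYN
Dec 21 08:01:03 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.23 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1043 DPT=25 SYN
Dec 21 08:01:03 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.40 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=3310 DPT=25 SYN
Dec 21 08:01:04 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.23 DST=192.0.2.44 LEN=48 PROTO=TCP SPT=1044 DPT=25 SYN
Dec 21 08:01:05 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.23 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=1045 DPT=25 SYN
Dec 21 08:09:40 gw kernel: SMTP-REDIR: IN=eth0 OUT= SRC=192.168.0.40 DST=203.0.113.10 LEN=48 PROTO=TCP SPT=3311 DPT=25 SYN'

# A client with one outside account keeps hitting the same server; a host
# running its own SMTP engine fans out to many destinations.
smtp_suspects "$SAMPLE_LOG" 3
```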
