From: "Aldo S. Lagana"
Subject: RE: Quick Question
Date: Thu, 13 Jun 2002 13:37:40 -0400
Message-ID: <018701c21301$04655500$c764a8c0@aldoxp>
To: 'Mike Atlas', netfilter@lists.samba.org

It is fairly easy - the redirect to squid is done in the PREROUTING chain and SNAT is done in POSTROUTING... so if it is port 80 it will get picked up first, otherwise it will be SNAT'ted in the POSTROUTING chain:

iptables -t nat -A PREROUTING -i $INTERNAL_INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o $INTERNET_INTERFACE -j SNAT --to-source $INTERNET_IP

-----Original Message-----
From: netfilter-admin@lists.samba.org [mailto:netfilter-admin@lists.samba.org] On Behalf Of Mike Atlas
Sent: Thursday, May 30, 2002 4:10 PM
To: netfilter@lists.samba.org
Subject: Quick Question

Hello Everyone. I hope you all can help me, I'm sure you can (it seems like a pretty simple problem).

I am setting up a Squid proxy server to run in transparent mode. To do this, I need to forward all port 80 and 443 traffic to Squid's port, 3128. Additionally, I would like all other traffic on all other ports to forward on to the router.

I have found a script to forward port 80 to squid (note: eth1 is my internal interface, eth0 is external):

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I assume I can run the same line for 443:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128

However, what can I use to forward EVERYTHING that is not port 80 out of the eth0 interface, to our router (192.168.0.2)? I know it has something to do with --dport ! 80, but I can't figure it out.

Thanks for your help. BTW, this is RedHat 72, if that makes any difference. Linux kernel 2.4.9-31.

-mike
______________________________________________
Mike Atlas                 703.385.8362(v)
Senior System Engineer     703.385.3674(f)
Vista Innovation           www.vistainnovation.com
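As an added example (not from either poster), here are the answer's two nat rules as a complete gateway script, extended with the FORWARD rules and ip_forward setting that the question's "forward everything else to the router" part also needs. Interface names, the Squid port and the placeholder public address are assumptions; by default the script only prints the commands it would run.

```sh
#!/bin/sh
# Transparent Squid gateway: REDIRECT web traffic to Squid in PREROUTING,
# SNAT everything else leaving the Internet interface in POSTROUTING, and
# open the FORWARD path so non-web traffic actually reaches the router.
# Interface names, address and Squid port are assumptions; override via env.
set -e
INTERNAL_INTERFACE=${INTERNAL_INTERFACE:-eth1}
INTERNET_INTERFACE=${INTERNET_INTERFACE:-eth0}
INTERNET_IP=${INTERNET_IP:-203.0.113.10}   # placeholder public address
SQUID_PORT=${SQUID_PORT:-3128}
DRY_RUN=${DRY_RUN:-1}                      # 1: print commands, 0: run them

# run: print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

setup() {
  run iptables -t nat -F
  run iptables -F FORWARD
  # PREROUTING runs before the routing decision, so port-80 traffic from the
  # LAN is handed to the local Squid and never reaches FORWARD/POSTROUTING.
  run iptables -t nat -A PREROUTING -i "$INTERNAL_INTERFACE" -p tcp --dport 80 \
      -j REDIRECT --to-port "$SQUID_PORT"
  # Everything else forwarded out towards the router gets the static address
  # rewritten in POSTROUTING (use MASQUERADE instead for a dynamic IP).
  run iptables -t nat -A POSTROUTING -o "$INTERNET_INTERFACE" \
      -j SNAT --to-source "$INTERNET_IP"
  # The nat table only rewrites addresses; the filter table must still let
  # LAN->Internet traffic through, and only replies back in.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -i "$INTERNAL_INTERFACE" -o "$INTERNET_INTERFACE" -j ACCEPT
  run iptables -A FORWARD -i "$INTERNET_INTERFACE" -o "$INTERNAL_INTERFACE" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Without IP forwarding the kernel drops anything not addressed to itself.
  run sysctl -w net.ipv4.ip_forward=1
}

# count_rules: number of iptables commands setup would issue (used as a check).
count_rules() { (DRY_RUN=1; setup) | grep -c '^iptables'; }

# Usage: ./squid-gw.sh            prints the commands
#        DRY_RUN=0 ./squid-gw.sh  applies them (as root)
setup
```

Redirecting port 443 the same way, as the question proposes, does not work: the client sends TLS to what it thinks is the origin server, so Squid's plain HTTP port cannot read the request, which is why that rule is left out here.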