* RE: Multi Addressing... is it possible ?
@ 2004-04-30 18:59 Aldo Lagana
2004-04-30 19:58 ` Rhaoni Chiu Pereira
0 siblings, 1 reply; 8+ messages in thread
From: Aldo Lagana @ 2004-04-30 18:59 UTC (permalink / raw)
To: 'Rhaoni Chiu Pereira', netfilter
I don't understand your question but I assume that for those 2 IPs you DON'T
want squid to proxy - rules like this work for me:
iptables -t nat -I PREROUTING -p tcp -d 129.37.0.111 --dport 80 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d 32.97.118.242 --dport 80 -j ACCEPT
-I inserts the rule at the top of the chain thus firing it when it hits
those IPs...not the best method, but a quick kludge that works for me.
-----Original Message-----
From: Rhaoni Chiu Pereira [mailto:rhaoni@sistemica.info]
Sent: Friday, April 30, 2004 2:45 PM
To: netfilter@lists.netfilter.org
Subject: Multi Addressing... is it possible ?
Hi List,
I must implement a few firewall rules but I'm a little bit lost. I use a
transparent proxy with this following rule:
iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.0/16 --dport 80 -j REDIRECT --to-ports 3128
The -d parameter is because I have a few VPNs and my squid uses a
tcp_outgoing_address, so ... Now I must create some exceptions for two IPs
more than the 192.168.0.0/16 net but I don't know how ... any ideas ?
the IPs are 129.37.0.113 and 32.97.118.242
thanks,
Rhaoni Chiu Pereira
* RE: Multi Addressing... is it possible ?
2004-04-30 18:59 Multi Addressing... is it possible ? Aldo Lagana
@ 2004-04-30 19:58 ` Rhaoni Chiu Pereira
2004-04-30 20:12 ` John A. Sullivan III
2004-04-30 20:18 ` Antony Stone
0 siblings, 2 replies; 8+ messages in thread
From: Rhaoni Chiu Pereira @ 2004-04-30 19:58 UTC (permalink / raw)
To: Aldo Lagana; +Cc: netfilter
Hi List,
Aldo, thanks for the tip... I didn't know about the -I parameter... I still
have a doubt about a protocol type: I received documentation of some rules
that I have to create in my firewall and it has an ESP(50) Protocol and no port
listed, so I don't know how to make it using iptables! Does anyone know what
this ESP(50) Protocol is?
Regards,
Rhaoni Chiu Pereira
Sistêmica Computadores
Visit us on the Web: http://sistemica.info
Phone/Fax : +55 51 3328 1122
Quoting Aldo Lagana <ALagana@p21.com>:
<> I don't understand your question but I assume that for those 2 IPs you DON'T
<> want squid to proxy - rules like this work for me:
<>
<> iptables -t nat -I PREROUTING -p tcp -d 129.37.0.111 --dport 80 -j ACCEPT
<> iptables -t nat -I PREROUTING -p tcp -d 32.97.118.242 --dport 80 -j ACCEPT
<>
<> -I inserts the rule at the top of the chain thus firing it when it hits
<> those IPs...not the best method, but a quick kludge that works for me.
<>
<> -----Original Message-----
<> From: Rhaoni Chiu Pereira [mailto:rhaoni@sistemica.info]
<> Sent: Friday, April 30, 2004 2:45 PM
<> To: netfilter@lists.netfilter.org
<> Subject: Multi Addressing... is it possible ?
<>
<>
<> Hi List,
<>
<> I must implement a few firewall rules but I'm a little bit lost. I use a
<> transparent proxy with this following rule:
<>
<> iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.0/16 --dport 80 -j REDIRECT --to-ports 3128
<>
<> The -d parameter is because I have a few VPNs and my squid uses a
<> tcp_outgoing_address, so ... Now I must create some exceptions for two IPs
<> more than the 192.168.0.0/16 net but I don't know how ... any ideas ?
<>
<> the IPs are 129.37.0.113 and 32.97.118.242
<>
<> thanks,
<>
<> Rhaoni Chiu Pereira
* RE: Multi Addressing... is it possible ?
2004-04-30 19:58 ` Rhaoni Chiu Pereira
@ 2004-04-30 20:12 ` John A. Sullivan III
2004-04-30 20:18 ` Antony Stone
1 sibling, 0 replies; 8+ messages in thread
From: John A. Sullivan III @ 2004-04-30 20:12 UTC (permalink / raw)
To: Rhaoni Chiu Pereira; +Cc: Aldo Lagana, netfilter
It is the ESP form of IPSec and, you are correct, it does not use a
port. You would simply specify the protocol, e.g.,
iptables -t nat -I PREROUTING -d 129.37.0.111 -p 50 -j ACCEPT
You may find it helpful to run through an iptables tutorial. I found
Oskar Andreasson's (listed on the netfilter.org site) to be very
helpful. There is also a slide show on using iptables in the training
section on http://iscs.sourceforge.net
Good luck - John
On Fri, 2004-04-30 at 15:58, Rhaoni Chiu Pereira wrote:
> Hi List,
>
> Aldo, thanks for the tip... I didn't know about the -I parameter... I still
> have a doubt about a protocol type: I received documentation of some rules
> that I have to create in my firewall and it has an ESP(50) Protocol and no port
> listed, so I don't know how to make it using iptables! Does anyone know what
> this ESP(50) Protocol is?
>
> Regards,
>
> Rhaoni Chiu Pereira
> Sistêmica Computadores
>
> Visit us on the Web: http://sistemica.info
> Phone/Fax : +55 51 3328 1122
>
>
>
> Quoting Aldo Lagana <ALagana@p21.com>:
>
<snip>
--
Open Source Development Corporation
Financially Sustainable open source development
http://www.opensourcedevelopmentcorp.com
* Re: Multi Addressing... is it possible ?
2004-04-30 19:58 ` Rhaoni Chiu Pereira
2004-04-30 20:12 ` John A. Sullivan III
@ 2004-04-30 20:18 ` Antony Stone
1 sibling, 0 replies; 8+ messages in thread
From: Antony Stone @ 2004-04-30 20:18 UTC (permalink / raw)
To: netfilter
On Friday 30 April 2004 8:58 pm, Rhaoni Chiu Pereira wrote:
> Hi List,
>
> Aldo, thanks for the tip... I didn't know about the -I parameter... I
> still have a doubt about a protocol type: I received documentation of
> some rules that I have to create in my firewall and it has an ESP(50)
> Protocol and no port listed, so I don't know how to make it using iptables!
> Does anyone know what this ESP(50) Protocol is?
ESP is Encapsulated Security Payload, used by IPsec.
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2406.html
Regards,
Antony.
--
How I want a drink, alcoholic of course, after the heavy chapters involving
quantum mechanics.
- 3.14159265358979
Please reply to the list;
please don't CC me.
* Multi Addressing... is it possible ?
@ 2004-04-30 18:45 Rhaoni Chiu Pereira
2004-04-30 18:57 ` Antony Stone
0 siblings, 1 reply; 8+ messages in thread
From: Rhaoni Chiu Pereira @ 2004-04-30 18:45 UTC (permalink / raw)
To: netfilter
Hi List,
I must implement a few firewall rules but I'm a little bit lost. I use a
transparent proxy with this following rule:
iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.0/16 --dport 80 -j REDIRECT --to-ports 3128
The -d parameter is because I have a few VPNs and my squid uses a
tcp_outgoing_address, so ... Now I must create some exceptions for two IPs more
than the 192.168.0.0/16 net but I don't know how ... any ideas ?
the IPs are 129.37.0.113 and 32.97.118.242
thanks,
Rhaoni Chiu Pereira
* Re: Multi Addressing... is it possible ?
2004-04-30 18:45 Rhaoni Chiu Pereira
@ 2004-04-30 18:57 ` Antony Stone
0 siblings, 0 replies; 8+ messages in thread
From: Antony Stone @ 2004-04-30 18:57 UTC (permalink / raw)
To: netfilter
On Friday 30 April 2004 7:45 pm, Rhaoni Chiu Pereira wrote:
> Hi List,
>
> I must implement a few firewall rules but I'm a little bit lost. I use a
> transparent proxy with this following rule:
>
> iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.0.0/16 -d ! 192.168.0.0/16 --dport 80 -j REDIRECT --to-ports 3128
>
> The -d parameter is because I have a few VPNs and my squid uses a
> tcp_outgoing_address, so ... Now I must create some exceptions for two IPs
> more than the 192.168.0.0/16 net but I don't know how ... any ideas ?
iptables -N mytable -t nat
iptables -A PREROUTING -t nat -p tcp -i eth1 -s 192.168.0.0/16 --dport 80 -j mytable
iptables -A mytable -t nat -d 192.168.0.0/16 -j RETURN
iptables -A mytable -t nat -d 129.37.0.113 -j RETURN
iptables -A mytable -t nat -d 32.97.118.242 -j RETURN
iptables -A mytable -t nat -j REDIRECT --to-ports 3128
Regards,
Antony.
--
These clients are often infected by viruses or other malware and need to be
fixed. If not, the user at that client needs to be fixed...
- Henrik Nordstrom, on Squid users' mailing list
Please reply to the list;
please don't CC me.
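
Added example, not part of any message in this thread: a small first-match model of nat PREROUTING that compares the original redirect rule, ACCEPT exceptions inserted with -I, the same exceptions appended with -A, and a dedicated chain of RETURN rules. It assumes the packet has already matched `-p tcp -i eth1 -s 192.168.0.0/16 --dport 80` and that the PREROUTING policy is ACCEPT; the function names, the dictionary layout and the sample destination 198.51.100.7 are constructed for illustration.

```python
import ipaddress

def matches(spec, dst):
    """spec is None (any destination), "a.b.c.d[/n]", or "!a.b.c.d/n" (negated)."""
    if spec is None:
        return True
    inside = dst in ipaddress.ip_network(spec.lstrip("!"))
    return inside != spec.startswith("!")

def walk(name, chains, dst):
    """First-match walk of one chain; None means it fell through or hit RETURN."""
    for spec, target in chains[name]:
        if not matches(spec, dst):
            continue
        if target == "RETURN":
            return None                       # back to the calling chain
        if target in chains:                  # jump into a user-defined chain
            result = walk(target, chains, dst)
            if result is not None:
                return result
            continue                          # chain returned: next rule in caller
        return target                         # ACCEPT / REDIRECT end the traversal
    return None

def verdict(chains, dst):
    # Falling off the end of PREROUTING applies its policy (assumed ACCEPT).
    return walk("PREROUTING", chains, ipaddress.ip_address(dst)) or "ACCEPT"

LAN = "192.168.0.0/16"
EXEMPT = ["129.37.0.113", "32.97.118.242"]    # the two addresses from the question
REDIRECT_RULE = ("!" + LAN, "REDIRECT")       # the original transparent-proxy rule

ORIGINAL = {"PREROUTING": [REDIRECT_RULE]}
# Exceptions inserted ahead of the redirect (-I) versus appended after it (-A).
INSERTED = {"PREROUTING": [(ip, "ACCEPT") for ip in EXEMPT] + [REDIRECT_RULE]}
APPENDED = {"PREROUTING": [REDIRECT_RULE] + [(ip, "ACCEPT") for ip in EXEMPT]}
# Dedicated chain: RETURN for each exception, REDIRECT for everything else.
CHAINED = {
    "PREROUTING": [(None, "mytable")],
    "mytable": [(LAN, "RETURN")] + [(ip, "RETURN") for ip in EXEMPT]
               + [(None, "REDIRECT")],
}

if __name__ == "__main__":
    # 198.51.100.7 is a constructed sample destination outside every exception.
    for dst in EXEMPT + ["192.168.5.9", "198.51.100.7"]:
        print(dst, {name: verdict(c, dst) for name, c in
                    [("original", ORIGINAL), ("inserted", INSERTED),
                     ("appended", APPENDED), ("chained", CHAINED)]})
```

The appended variant still redirects the two exempt addresses, because the REDIRECT rule matches first; that ordering is the whole reason the exceptions have to sit ahead of it.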