From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason Opperisano
Subject: Re: port 80 Redirection to different ip!!!
Date: Thu, 16 Sep 2004 08:51:37 -0400
Sender: netfilter-bounces@lists.netfilter.org
Message-ID: <1095339097.2045.25.camel@wolfpack.ljm.dom>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: netfilter@lists.netfilter.org

On Thu, 2004-09-16 at 08:13, Murugavel Thiruvengadam wrote:
> hi
>
> I am planning to implement setup like below
>
> users (all r in public ip) ------> pvt ip linux auth server (nated with pub ip in pix)---- pix- bbrouter-- Internet
>
> cache server is lying in the same auth server segment
>
> we are planning to cache all the port 80 traffic so we decided to put
> cache engine (ip spoof enabled) on different machine
>
> my question is when ever any dport 80 request come and hit in auth
> server. i want to redirect into cache box without nating source ip.
> bcs if we change the source ip to cache engine.
>
> all the request will be generated by cache engine. i don't want it.
>
> i want to simulate port 80 redirection in L4 switch in iptables.
>
> when any port 80 come and hit the auth box just put into the cache engine.
>
> The below option will redirect into the same machine
> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> the below option will change the destination ip and dport
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1:8080
>
> Any suggestion welcome.

it sounds like you want WCCP. google for it and/or take a look at:

http://www.squid-cache.org/WCCP-support/Linux/

there's also a transparent proxy patch in POM (tproxy) that may or may not be of use to you (i've never tried it).

-j

--
Jason Opperisano
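
An added example, not part of the thread or of either poster's configuration: one way to hand port-80 traffic to a separate cache box with source and destination addresses intact is to mark it and route it rather than NAT it. This is a different technique from the WCCP and tproxy suggestions in the reply. The cache address, interface name, mark and table number are assumed values, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): steer port-80 traffic to a cache box by
# routing instead of NAT, so source and destination addresses stay untouched.
# CACHE_IP, LAN_IF, MARK and TABLE are assumed values; adjust for the real network.
CACHE_IP="${CACHE_IP:-192.168.1.10}"   # constructed address of the cache box
LAN_IF="${LAN_IF:-eth0}"               # interface the clients arrive on
MARK="${MARK:-1}"                      # firewall mark for web traffic
TABLE="${TABLE:-100}"                  # dedicated routing table number

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print each command for review; run with APPLY=1 as root to execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

divert_web_to_cache() {
    valid_ipv4 "$CACHE_IP" || { echo "bad CACHE_IP: $CACHE_IP" >&2; return 1; }
    # Mark client web traffic, but never the cache's own outbound fetches,
    # otherwise its requests would be routed straight back to it (a loop).
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        ! -s "$CACHE_IP" -j MARK --set-mark "$MARK"
    # Marked packets use a separate table whose only route is the cache box.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$CACHE_IP" table "$TABLE"
}

divert_web_to_cache
```

On the cache box itself, a local rule like the REDIRECT rule quoted above hands the arriving packets to the proxy port.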