From: Joel Newkirk <netfilter@newkirk.us>
To: Linux User <linux_user_78@hotmail.com>, netfilter@lists.netfilter.org
Subject: Re: forward traffic web to squid server
Date: Thu, 13 Feb 2003 01:46:37 -0500
Message-ID: <200302130146.37200.netfilter@newkirk.us>
In-Reply-To: <F83liatzHAC7h6gU2vL00027cec@hotmail.com>
On Wednesday 12 February 2003 05:24 pm, Linux User wrote:
> Hi friends,
>
> In my server RedHat-8.0, I have installed script-firewall with
> iptables, this firewall-server has connection to Internet and the
> users of the internal network correctly work, now my restlessness is
> in which I have installed a squid server in the internal network but
> that simultaneously this connected by another network to a server with
> line ADSL to Internet, my question is as I can configure my firewall
> to forward all traffic web to my squid server that this in the
> internal network?

You can use a nat PREROUTING rule to DNAT all HTTP traffic to the squid
box, then out its internet connection (if so configured), and the rest
of the traffic will go out the internet connection on the firewall box.

HOWEVER:

1 - you must also SNAT the traffic that goes to the squid server in nat
POSTROUTING to ensure that return traffic comes back to the firewall box
from the squid server, NOT directly to the clients.

2 - hopefully HTTP connections are the only ones the squid box will accept
and/or forward, otherwise your firewall covers the front of the internal
network while leaving its butt exposed...

The rules you'd need are:

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \
    --to 192.168.100.254
/sbin/iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 192.168.100.254 \
    -j SNAT --to 192.168.100.1

plus appropriate FORWARD rules, which you may already have in place.

j

>  __________
> |Internet |
> |         |
> |_________|
>  ___|____200.37.245.159
> |Server |
> |with   |
> | ADSL  |
> |_______|192.168.105.1
>  __|____
> |Squid  |192.168.105.2
> |Server |
> |_______|
>     |
>     |192.168.100.254
>     |
>     |___________________________INTERNAL NETWORK
>  ___|_____
> |Firewall|192.168.100.1
> |Server  |___________________________INTERNET
> |_______ |
>
> I can configure my firewall to forward all traffic web to my squid
> server that this in the internal network?
>
>
> THANKS
> Joseph
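
Added example, not part of the original message or of any netfilter code: a small Python model of the packet path that shows why the SNAT rule in point 1 is needed. It assumes the clients sit on the same 192.168.100.x LAN as the squid box and use the firewall as their gateway; `CLIENT` and `WEB` are constructed sample addresses.

```python
# FIREWALL and SQUID are the addresses from the thread. CLIENT and WEB are
# constructed sample values (assumptions, not from the original message).
FIREWALL, SQUID = "192.168.100.1", "192.168.100.254"
CLIENT, WEB = "192.168.100.50", "203.0.113.10"

def firewall_nat(pkt, snat):
    """Model the two nat rules on a new connection: returns (packet, conntrack)."""
    src, dst, dport = pkt
    if dport != 80:
        return pkt, None                       # neither rule matches
    out = (FIREWALL if snat else src, SQUID, dport)   # DNAT, then optional SNAT
    return out, {"orig": pkt, "nat": out}

def squid_reply(pkt):
    """Squid answers the source it saw: returns (src, dst, via_firewall)."""
    src, dst, _ = pkt
    # Assumption: clients share Squid's LAN, so a reply addressed to a client is
    # delivered directly; it reaches the firewall only when addressed to it.
    via_firewall = src == FIREWALL
    return dst, src, via_firewall

def trace(snat):
    """Follow one client SYN to WEB:80 and the reply that comes back."""
    syn = (CLIENT, WEB, 80)
    natted, ct = firewall_nat(syn, snat)
    r_src, r_dst, via_fw = squid_reply(natted)
    if via_fw and ct:
        # Only the firewall's conntrack entry can reverse the translations.
        r_src, r_dst = ct["orig"][1], ct["orig"][0]
    return {
        "squid_sees_src": natted[0],
        "reply_via_firewall": via_fw,
        "client_sees_src": r_src,
        # The client's TCP stack only accepts segments from the peer it dialled.
        "connection_works": r_dst == CLIENT and r_src == WEB,
    }

if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "no SNAT", trace(snat))
```

With the SNAT rule in place every request reaches Squid from 192.168.100.1, so Squid's access log and any source-address ACLs no longer distinguish individual clients.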