* redirect all HTTP traffic
@ 2006-10-04 10:06 Brent Clark
  2006-10-04 10:15 ` Brent Clark
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 10:06 UTC (permalink / raw)
  To: netfilter

Hey all

I've been trying to redirect all HTTP traffic to my newly built proxy (squid).

But I can't seem to get it working.

This is what I have

$IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 -j DNAT --to 192.168.111.9:3128
$IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to 192.168.111.10

and

$IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT


If anyone could assist, I would be most grateful.

Kind Regards
Brent Clark



* Re: redirect all HTTP traffic
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
@ 2006-10-04 10:15 ` Brent Clark
  2006-10-04 10:30 ` Pascal Hambourg
  2006-10-04 12:34 ` redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address) Jim Laurino
  2 siblings, 0 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 10:15 UTC (permalink / raw)
  To: netfilter

Brent Clark wrote:
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state 
> --state NEW -j ACCEPT

Sorry, my forward was wrong.

Should have been 3128 as opposed to 80.

Thanks
Brent




* Re: redirect all HTTP traffic
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
  2006-10-04 10:15 ` Brent Clark
@ 2006-10-04 10:30 ` Pascal Hambourg
  2006-10-04 12:32   ` Brent Clark
  2006-10-04 12:34 ` redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address) Jim Laurino
  2 siblings, 1 reply; 5+ messages in thread
From: Pascal Hambourg @ 2006-10-04 10:30 UTC (permalink / raw)
  To: netfilter

Hello,

Brent Clark wrote:
> 
> I've been trying to redirect all HTTP traffic to my newly built proxy 
> (squid).
> 
> But I can't seem to get it working.

Please elaborate. What's happening exactly?

> This is what I have
> 
> $IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 
> -j DNAT --to 192.168.111.9:3128
> $IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to 
> 192.168.111.10
> 
> and
> 
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 3128 -m state 
> --state NEW -j ACCEPT

It seems that the proxy is in the same network as the clients. Does it 
use the same gateway too? If so, you need to set a no-DNAT exception in 
PREROUTING for the proxy source address and a rule in FORWARD to allow 
NEW packets from the proxy to the outside.



* Re: redirect all HTTP traffic
  2006-10-04 10:30 ` Pascal Hambourg
@ 2006-10-04 12:32   ` Brent Clark
  0 siblings, 0 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 12:32 UTC (permalink / raw)
  To: netfilter

Pascal Hambourg wrote:

> Please elaborate. What's happening exactly?

Hi Pascal

A big thanks for replying. I actually got it working (which proved to be a solution I don't need).

I specified the wrong port number.

Thanks again
Kind Regards
Brent Clark




* Re: redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address)
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
  2006-10-04 10:15 ` Brent Clark
  2006-10-04 10:30 ` Pascal Hambourg
@ 2006-10-04 12:34 ` Jim Laurino
  2 siblings, 0 replies; 5+ messages in thread
From: Jim Laurino @ 2006-10-04 12:34 UTC (permalink / raw)
  To: netfilter

On 2006.10.04 06:06, Brent Clark - bclark@eccotours.co.za wrote:
> Hey all
> 
> I've been trying to redirect all HTTP traffic to my newly built proxy  
> (squid).
> 
> But I can't seem to get it working.
> 
> This is what I have
> 
> $IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 -j  
> DNAT --to 192.168.111.9:3128
> $IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to  
> 192.168.111.10
> 
> and
> 
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state --state  
> NEW -j ACCEPT

The prerouting rule changed the destination port from 80 to 3128.
Try accepting new traffic on 3128 in the filter table.

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
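
Added example (not from any poster in this thread): the original ruleset with both replies applied, i.e. FORWARD matching the post-DNAT port 3128, plus a no-DNAT exception and an outbound FORWARD rule for the proxy. Addresses and eth1 come from the original post; WAN_IF=eth0 and the function name build_rules are assumptions, and the script only prints the rules unless IPT is set to a real iptables binary.

```shell
#!/bin/sh
# Added example, not part of the thread. Dry run by default: each rule is
# printed instead of installed. Run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

LAN_IF=eth1                  # from the original post
LAN_NET=192.168.111.0/24     # from the original post
PROXY=192.168.111.9          # squid host, from the original post
PROXY_PORT=3128
GW_LAN_IP=192.168.111.10     # gateway's LAN address, from the original post
WAN_IF=eth0                  # assumption: outside interface is not named in the thread

build_rules() {
    # No-DNAT exception: squid's own port-80 requests pass through this gateway
    # too and must not be redirected back to squid. It has to precede the DNAT rule.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$PROXY" -p tcp --dport 80 -j ACCEPT

    # Redirect client HTTP to the proxy.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY:$PROXY_PORT"

    # Proxy and clients share a subnet, so source-NAT the redirected flows to
    # make replies return via the gateway. Narrowed here to proxy-bound traffic.
    # Side effect: squid's access log shows the gateway address for every client.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$PROXY" \
        -p tcp --dport "$PROXY_PORT" -j SNAT --to-source "$GW_LAN_IP"

    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # FORWARD is evaluated after nat PREROUTING, so it sees port 3128, not 80.
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$PROXY" \
        -p tcp --dport "$PROXY_PORT" -m state --state NEW -j ACCEPT

    # Let the proxy open NEW connections to outside web servers.
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$PROXY" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

build_rules
```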


