Setting up a proxy with iptables

Setting up a proxy with iptables

[Shawn Fitzgerald]

Hi,

I am trying to set up a proxy with iptables nothing seems to work. I  
would like to forward outbound traffic destined to port 80 on an  
external ip address to localhost port 8080.

Thanks in advance for the help.

Re:Setting up a proxy with iptables

[linuxmc]

Hi, have you try with a rule like

$IPTABLES -t nat -A PREROUTING  -p tcp -m tcp   --dport 80 -j DNAT --to-destination 82.109.120.222:8080

?

Best regards !
Marco 


---------- Initial Header -----------

From      : netfilter-owner@vger.kernel.org
To          : netfilter@vger.kernel.org
Cc          : 
Date      : Fri, 1 Aug 2008 16:24:34 -0700
Subject : Setting up a proxy with iptables







> Hi,
> 
> I am trying to set up a proxy with iptables nothing seems to work. I  
> would like to forward outbound traffic destined to port 80 on an  
> external ip address to localhost port 8080.
> 
> Thanks in advance for the help.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: Setting up a proxy with iptables

[Michele Petrazzo - Unipex srl]

linuxmc@libero.it wrote:
> Hi, have you try with a rule like
> 
> $IPTABLES -t nat -A PREROUTING  -p tcp -m tcp   --dport 80 -j DNAT
> --to-destination 82.109.120.222:8080
> 
> ?
> 
> Best regards ! Marco
> 

Should be better the redirect target:

$IPTABLES -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 80 -j 
REDIRECT --to-ports $PROXY_PORT
$IPTABLES -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 443 -j 
REDIRECT --to-ports $PROXY_PORT


Ciao,
MIchele

Re: Setting up a proxy with iptables

[Shawn Fitzgerald]

I did an iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-ports 8080 and nothing. Just to make sure the firewall
was up I entered iptables -A OUTPUT -j DROP and it did block all
outbound traffic.

What am I missing here?

Cheers, Shawn

On Sat, Aug 2, 2008 at 1:04 AM, Michele Petrazzo - Unipex srl
<michele.petrazzo@unipex.it> wrote:
> linuxmc@libero.it wrote:
>>
>> Hi, have you try with a rule like
>>
>> $IPTABLES -t nat -A PREROUTING  -p tcp -m tcp   --dport 80 -j DNAT
>> --to-destination 82.109.120.222:8080
>>
>> ?
>>
>> Best regards ! Marco
>>
>
> Should be better the redirect target:
>
> $IPTABLES -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 80 -j REDIRECT
> --to-ports $PROXY_PORT
> $IPTABLES -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 443 -j REDIRECT
> --to-ports $PROXY_PORT
>
>
> Ciao,
> MIchele
>

Re: Setting up a proxy with iptables

[Michele Petrazzo - Unipex srl]

Shawn Fitzgerald wrote:
> I did an iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j 
> REDIRECT --to-ports 8080 and nothing. Just to make sure the firewall 
> was up I entered iptables -A OUTPUT -j DROP and it did block all 
> outbound traffic.
> 
> What am I missing here?
> 

Nothing it's not an answer.
How it's your lan? How are connected your eth0? Have you log the
incoming packets *before* redirect? Have you tried to tcpdump?
Too little infos...

Michele

Re: Setting up a proxy with iptables

[Shawn Fitzgerald]

I have not logged any incoming packets. I only want to redirect
outbound traffic to localhost 8080. I have only one nic card, eth0 and
it is up. Is it possible that some kernel configuration is causing
problems?

Thanks, Shawn

On Mon, Aug 4, 2008 at 11:31 PM, Michele Petrazzo - Unipex srl
<michele.petrazzo@unipex.it> wrote:
> Shawn Fitzgerald wrote:
>>
>> I did an iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>> REDIRECT --to-ports 8080 and nothing. Just to make sure the firewall was up
>> I entered iptables -A OUTPUT -j DROP and it did block all outbound traffic.
>>
>> What am I missing here?
>>
>
> Nothing it's not an answer.
> How it's your lan? How are connected your eth0? Have you log the
> incoming packets *before* redirect? Have you tried to tcpdump?
> Too little infos...
>
> Michele
>

Re: Setting up a proxy with iptables

[Billy Crook]

We all thought outbound meant outbound from your network.  Your use of
-i eth0 also gave that impression since -i isn't valid for matching
traffic originating on your own machine and travelling out onto the
network.  The PREROUTING chain is never matched by traffic originating
on your own box and heading outward.  Only the OUTPUT and POSTROUTING
chains are.  The REDIRECT target is valid only in REROUTING and
OUTPUT.  Try using it in OUTPUT.

On Tue, Aug 5, 2008 at 11:46, Shawn Fitzgerald <sargon97@gmail.com> wrote:
> I have not logged any incoming packets. I only want to redirect
> outbound traffic to localhost 8080. I have only one nic card, eth0 and
> it is up. Is it possible that some kernel configuration is causing
> problems?
>
> Thanks, Shawn
>
> On Mon, Aug 4, 2008 at 11:31 PM, Michele Petrazzo - Unipex srl
> <michele.petrazzo@unipex.it> wrote:
>> Shawn Fitzgerald wrote:
>>>
>>> I did an iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
>>> REDIRECT --to-ports 8080 and nothing. Just to make sure the firewall was up
>>> I entered iptables -A OUTPUT -j DROP and it did block all outbound traffic.
>>>
>>> What am I missing here?
>>>
>>
>> Nothing it's not an answer.
>> How it's your lan? How are connected your eth0? Have you log the
>> incoming packets *before* redirect? Have you tried to tcpdump?
>> Too little infos...
>>
>> Michele
>>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>