Linux Netfilter discussions
* redirect all HTTP traffic
@ 2006-10-04 10:06 Brent Clark
  2006-10-04 10:15 ` Brent Clark
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 10:06 UTC
  To: netfilter

Hey all

I've been trying to redirect all HTTP traffic to my newly built proxy (squid).

But I can't seem to get it working.

This is what I have

$IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 -j DNAT --to 192.168.111.9:3128
$IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to 192.168.111.10

and

$IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT


If anyone could assist, I would be most grateful.

Kind Regards
Brent Clark



* Re: redirect all HTTP traffic
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
@ 2006-10-04 10:15 ` Brent Clark
  2006-10-04 10:30 ` Pascal Hambourg
  2006-10-04 12:34 ` redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address) Jim Laurino
  2 siblings, 0 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 10:15 UTC
  To: netfilter

Brent Clark wrote:
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT

Sorry, my forward was wrong.

Should have been 3128 as opposed to 80

Thanks
Brent




* Re: redirect all HTTP traffic
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
  2006-10-04 10:15 ` Brent Clark
@ 2006-10-04 10:30 ` Pascal Hambourg
  2006-10-04 12:32   ` Brent Clark
  2006-10-04 12:34 ` redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address) Jim Laurino
  2 siblings, 1 reply; 5+ messages in thread
From: Pascal Hambourg @ 2006-10-04 10:30 UTC
  To: netfilter

Hello,

Brent Clark wrote:
> 
> I've been trying to redirect all HTTP traffic to my newly built proxy (squid).
> 
> But I can't seem to get it working.

Please elaborate. What's happening exactly?

> This is what I have
> 
> $IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 -j DNAT --to 192.168.111.9:3128
> $IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to 192.168.111.10
> 
> and
> 
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 3128 -m state --state NEW -j ACCEPT

It seems that the proxy is in the same network as the clients. Does it 
use the same gateway too? If so, you need to set a no-DNAT exception in 
PREROUTING for the proxy source address and a rule in FORWARD to allow 
NEW packets from the proxy to the outside.



* Re: redirect all HTTP traffic
  2006-10-04 10:30 ` Pascal Hambourg
@ 2006-10-04 12:32   ` Brent Clark
  0 siblings, 0 replies; 5+ messages in thread
From: Brent Clark @ 2006-10-04 12:32 UTC
  To: netfilter

Pascal Hambourg wrote:

> Please elaborate. What's happening exactly?

Hi Pascal

A big thanks for replying. I actually got it working (which proved to be a solution I don't need).

I specified the wrong port number.

Thanks again
Kind Regards
Brent Clark




* Re: redirect all HTTP traffic (nfcan: addressed to exclusive sender for this address)
  2006-10-04 10:06 redirect all HTTP traffic Brent Clark
  2006-10-04 10:15 ` Brent Clark
  2006-10-04 10:30 ` Pascal Hambourg
@ 2006-10-04 12:34 ` Jim Laurino
  2 siblings, 0 replies; 5+ messages in thread
From: Jim Laurino @ 2006-10-04 12:34 UTC
  To: netfilter

On 2006.10.04 06:06, Brent Clark - bclark@eccotours.co.za wrote:
> Hey all
> 
> I've been trying to redirect all HTTP traffic to my newly built proxy (squid).
> 
> But I can't seem to get it working.
> 
> This is what I have
> 
> $IPT -t nat -A PREROUTING -i eth1 -s 192.168.111.0/24 -p tcp --dport 80 -j DNAT --to 192.168.111.9:3128
> $IPT -t nat -A POSTROUTING -o eth1 -s 192.168.111.0/24 -j SNAT --to 192.168.111.10
> 
> and
> 
> $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPT -t filter -A FORWARD -i eth1 -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT

The prerouting rule changed the destination port from 80 to 3128.
Try accepting new traffic on 3128 in the filter table.

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
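
Added example, not part of the original thread and not any poster's own script: a dry-run shell script that combines the two replies above, i.e. accepting NEW traffic on 3128 in FORWARD (the DNAT in PREROUTING rewrites the port before the filter table sees the packet) plus the no-DNAT exception and outbound rule for the proxy. It assumes the proxy shares the clients' gateway; the outside interface eth0 and the function name proxy_rules are hypothetical, the addresses and ports come from the thread.

```shell
#!/bin/sh
# Added example: values are from the thread unless marked hypothetical.
LAN_IF=eth1
WAN_IF=eth0                 # hypothetical: the thread never names the outside interface
LAN_NET=192.168.111.0/24
PROXY=192.168.111.9
PROXY_PORT=3128
GW_LAN_IP=192.168.111.10    # SNAT address used in the original rules

# Dry run by default: the rules are printed, not applied.
# Run as root with IPT=iptables to load them.
IPT="${IPT:-echo iptables}"

proxy_rules() {
    # nat/PREROUTING, rule order matters. The proxy's own port-80 requests
    # must hit this exception first, otherwise the DNAT rule below sends
    # them straight back to the proxy and nothing reaches the outside.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$PROXY" -p tcp --dport 80 -j ACCEPT

    # Every other LAN client: rewrite destination to the proxy.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY:$PROXY_PORT"

    # Same-segment return path: SNAT so the proxy answers via the gateway.
    # Side effect: the proxy sees every client as GW_LAN_IP, so its access
    # log no longer identifies individual clients.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -j SNAT --to-source "$GW_LAN_IP"

    # filter/FORWARD runs after PREROUTING, so it sees the rewritten
    # destination port 3128, never the original 80.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$PROXY" -p tcp --dport "$PROXY_PORT" \
        -m state --state NEW -j ACCEPT

    # The proxy itself fetching pages from the outside.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$PROXY" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
}

proxy_rules
```
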

