Linux Netfilter discussions
* port 80 redirection
@ 2003-08-11 10:59 cc
From: cc @ 2003-08-11 10:59 UTC (permalink / raw)
  To: Netfilter

Hi,

I'm not sure if this is OT here, but can
someone comment on the following?  It is
certainly confusing if not convoluted. There's
always a simple solution, but I'm just
curious as to whether or not such a set
up would work.

I have a LAN behind a NAT'd firewall
with iptables 1.2.8.  Currently,
none of the users are proxied.  How
do I transparently proxy the users,
but with their workstations not
needing any proxy changes?

I had an idea, but don't know if
it's doable (or if I should even
bother)?

i.e.

LAN (port 80) ->
       IN                              OUT
->(80 eth1  ) Firewall          (eth1 8180)
->(8180 eth0) Proxy Machine     (eth0 8181)
->(8181 eth1) Firewall          (80  eth0) -> 'Net

So when a packet comes back, it goes :

'Net (port 80) ->
       IN                             Out
->(80 eth0 in)    Firewall          (eth1 8181)
->(8181 eth0 in)  LAN Proxy         (eth0 8180)
->(8180 eth1 in)  Firewall          (eth1 80) -> LAN

This way, I can transparently proxy the users
and I wouldn't need to fiddle around with their
workstation settings.

Any pointers appreciated.

Edmund

* port 80 redirection
@ 2003-08-14  1:45 cc
From: cc @ 2003-08-14  1:45 UTC (permalink / raw)
  To: Netfilter Group

Hi,

(This isn't a repost of my original post a few days ago.  I just
wanted to mention that I lost the two responses from those who
sent me email regarding my issue.  I had used my other
email address, which conveniently was also subscribed to this
ML, the reason being that I'm at two different places during
certain parts of the month so I didn't want to miss anything.)

Anyway, someone emailed me to say that I could always
redirect all outgoing port 80 traffic to the Squid-based
machine.

Can that person please repost?  Sorry for the inconvenience.
I should've forwarded my email to myself.

Thanks.

** All information contained in this email is strictly     **
** confidential and may be used by the intended recipient  **
** only.                                                   **
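
The redirect mentioned in the second message (sending all outgoing port 80 traffic to the Squid machine) can be expressed as firewall rules like the ones below. This is an added example, not part of either post or of any reply: the addresses, the Squid port 3128 and the function names are assumptions, and it assumes the proxy sits on the same LAN segment as the clients, as in the first message's diagram.

```shell
#!/bin/sh
# Constructed sample addressing (not from the thread); override via environment.
LAN_IF="${LAN_IF:-eth1}"              # firewall interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # client subnet
FW_LAN_IP="${FW_LAN_IP:-192.168.1.1}" # firewall address on the LAN
PROXY_IP="${PROXY_IP:-192.168.1.10}"  # Squid host, same subnet as the clients
PROXY_PORT="${PROXY_PORT:-3128}"      # port Squid listens on

# Print the rules in the order they must be appended.
emit_rules() {
    # 1. Exempt the proxy's own fetches, or they loop back into the proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $PROXY_IP -p tcp --dport 80 -j ACCEPT"
    # 2. Hand every other client's port-80 connection to the proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    # 3. Same-subnet proxy: source-NAT so replies return through the firewall
    #    and are translated back, instead of going straight to the client.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $FW_LAN_IP"
    # 4. Permit the redirected flow and its replies in the filter table.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Succeeds only if the exemption precedes the DNAT rule (first match wins).
exemption_before_dnat() {
    ex=$(emit_rules | grep -n -- "-s $PROXY_IP .*-j ACCEPT" | head -n 1 | cut -d: -f1)
    dn=$(emit_rules | grep -n -- "-j DNAT" | head -n 1 | cut -d: -f1)
    [ -n "$ex" ] && [ -n "$dn" ] && [ "$ex" -lt "$dn" ]
}

# Dry run by default (prints the rules for review); APPLY=1 executes them.
apply_rules() {
    exemption_before_dnat || { echo "rule order is wrong" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then emit_rules | sh -e; else emit_rules; fi
}
```

Squid itself must also be configured to accept intercepted (non-proxy-form) requests, and with the SNAT rule in place its access log shows the firewall's address rather than each workstation's.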

