From: Mike Hendrie <mike@hendrienet.com>
To: Vigneswaran R <vignesh@atc.tcs.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Proxy Filter iptable Settings
Date: Wed, 27 Apr 2011 08:41:00 -0500
Message-ID: <BANLkTi=y37mzCOenHg8EbR_u9PpoTVceGA@mail.gmail.com>
In-Reply-To: <4DB817A5.3020604@atc.tcs.com>

Alright. Please let me explain.

I am implementing squid in the school.

Squid box 172.20.0.3
All workstations gateway are 172.20.0.3
All workstations proxy settings are 172.30.0.3:8080

The proxy settings are working fine for blocking content, however, I
am having the following issues:

The school's web server is hosted locally. When the workstations try
to access the site via the public domain name, it fails.

Also, there are several applications the school uses. These
applications range from port 5000-5005.

What would you suggest?

Thank you,
mike

On Wed, Apr 27, 2011 at 8:18 AM, Vigneswaran R <vignesh@atc.tcs.com> wrote:
> On 04/27/2011 06:15 PM, Mike Hendrie wrote:
>>
>> I tried:
>> sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to- 8080
>> iptables -t nat -A POSTROUTING -s 172.20.0.0/16 -j MASQUERADE
>>
>> And still ended up with the same message
>
> You should not have both rules in place. Basically Andy's suggestion and my
> suggestion are based on two different assumptions. Please select one, based
> on your scenario.
>
> Scenario #1 Running Web Proxy
>
> If you are running a web proxy like squid, please ensure that it is
> listening on the correct port (seems, 8080 in your case), and configured
> correctly (to allow your subnet etc).
>
> Also, ensure that the machines on the LAN have the proxy settings in place,
> for various applications like web browser, email client etc.
>
> I am not sure why you need an iptables rule in this scenario. Are you
> looking for something like this: the machines on the LAN won't have proxy
> settings for different applications, but still have to reach the Internet
> through the web proxy?
>
> Scenario #2 Configuring server as the Internet Gateway
>
> If you want to configure your server as the Internet Gateway, please add the
> following iptables rule to the server,
>
> iptables -t nat -A POSTROUTING -s 172.20.0.0/16 -j MASQUERADE
>
> Also, ensure that all the machines in the LAN point to your server as
> the default gateway.
>
> ip ro add default via 172.20.1.1
>
> Here, I assume that your server's internal IP is 172.20.1.1.
>
>
> Regards,
> Vignesh
>
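
To check which of the two scenarios above a box is actually configured for, the following added example (not from the thread or its participants) parses `iptables-save -t nat` output and reports whether the proxy REDIRECT rule and the subnet MASQUERADE rule are present, and whether the MASQUERADE rule is limited to one outgoing interface with `-o`. The function names and the sample rule dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which NAT rules from the thread are loaded.
# Input: `iptables-save -t nat` text on stdin.

# classify_nat LAN_SUBNET PROXY_PORT   (hypothetical helper name)
# Prints: redirect=<yes|no> masquerade=<no|egress-only|all-interfaces>
classify_nat() {
    lan="$1"; port="$2"
    redirect=no; masquerade=no
    while IFS= read -r rule; do
        case "$rule" in
            # iptables-save normalises the REDIRECT option to --to-ports
            "-A PREROUTING "*"-j REDIRECT --to-ports $port")
                redirect=yes ;;
            "-A POSTROUTING "*"-s $lan "*"-j MASQUERADE"*)
                case "$rule" in
                    *" -o "*)
                        # Limited to one egress interface; keep a broader
                        # finding from an earlier rule if there was one.
                        if [ "$masquerade" = no ]; then
                            masquerade=egress-only
                        fi ;;
                    *)
                        # No -o: the rule matches on every outgoing interface.
                        masquerade=all-interfaces ;;
                esac ;;
        esac
    done
    printf 'redirect=%s masquerade=%s\n' "$redirect" "$masquerade"
}

# Constructed sample: the two rules tried in the thread, written the way
# iptables-save would print them.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 172.20.0.0/16 -j MASQUERADE
COMMIT
EOF
}

sample_rules | classify_nat 172.20.0.0/16 8080
# prints: redirect=yes masquerade=all-interfaces
```

On the box itself, feed it the live rules with `iptables-save -t nat | classify_nat 172.20.0.0/16 8080` (run as root).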