Iptables: rules not applied? - Networking


Thread: Iptables: rules not applied?

  1. Iptables: rules not applied?

    Hello,
    I'm using iptables to redirect all the TCP traffic to a transparent
    proxy. It seems that the rules are there:
    # iptables -t nat --list
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT tcp -- anywhere !X.X.X.X to:X.X.X.X:Y

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    But when I do, for example, an HTTP request on port 80, it is not
    redirected to the proxy.

    I'm using Centos 5 on VMware


    The script I use:
    #!/bin/sh

    PROXY_IP="X.X.X.X"
    PROXY_PORT="Y"
    LAN="eth0"

    # Flush
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Load modules
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    echo 1 > /proc/sys/net/ipv4/ip_forward


    # Re-routing

    iptables -t nat -A PREROUTING -i $LAN -p tcp -d ! $PROXY_IP -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -A POSTROUTING -j MASQUERADE

    Any idea what I am missing?

    Thank you
    Julien

  2. Re: Iptables: rules not applied?

    On Sun, 03 Aug 2008 00:25:00 -0700, julien passed an empty day by writing:

    > Hello,
    > I'm using iptables to redirect all the TCP traffic to a transparent
    > proxy. It seems that the rules are there:
    > # iptables -t nat --list
    > Chain PREROUTING (policy ACCEPT)
    > target prot opt source destination
    > DNAT tcp -- anywhere !X.X.X.X to:X.X.X.X:Y
    >
    > Chain POSTROUTING (policy ACCEPT)
    > target prot opt source destination
    > MASQUERADE all -- anywhere anywhere
    >
    > Chain OUTPUT (policy ACCEPT)
    > target prot opt source destination
    >
    > But when I do, for example, an HTTP request on port 80, it is not
    > redirected to the proxy.
    >
    > I'm using Centos 5 on VMware
    >
    >
    > The script I use:
    > #!/bin/sh
    >
    > PROXY_IP="X.X.X.X"
    > PROXY_PORT="Y"
    > LAN="eth0"
    >
    > # Flush
    > iptables -F
    > iptables -X
    > iptables -t nat -F
    > iptables -t nat -X
    > iptables -t mangle -F
    > iptables -t mangle -X
    >
    > # Load modules
    > modprobe ip_conntrack
    > modprobe ip_conntrack_ftp
    > # For win xp ftp client
    > echo 1 > /proc/sys/net/ipv4/ip_forward
    >
    >
    > # Re-routing
    >
    > iptables -t nat -A PREROUTING -i $LAN -p tcp -d ! $PROXY_IP -j DNAT --to $PROXY_IP:$PROXY_PORT
    > iptables -t nat -A POSTROUTING -j MASQUERADE
    >
    > Any idea what I am missing?
    >
    > Thank you
    > Julien


    After running this doing a iptables -L shows the rules yes?



    --
    I collect spam + please send it to: givemespam@wibblywobblyteapot.co.uk

  3. Re: Iptables: rules not applied?

    On Aug 3, 1:29 am, Klunk wrote:
    > After running this doing a iptables -L shows the rules yes?
    >
    > --
    > I collect spam + please send it to: givemes...@wibblywobblyteapot.co.uk


    Actually, it doesn't:
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    But the rules are displayed with iptables -t nat --list
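
Added example, not part of the original thread: `iptables -L` lists only the filter table, so rules added with `-t nat` appear only under `-t nat`, and the packet counters printed by `iptables-save -c` show whether a rule has matched any traffic. The sample dump, its addresses and the function names below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output (addresses are placeholders,
# not values from the thread). Counters are [packets:bytes].
SAMPLE='*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
[0:0] -A PREROUTING -d ! 192.0.2.10 -i eth0 -p tcp -j DNAT --to-destination 192.0.2.10:3128
[3:180] -A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [40:3200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:2900]
COMMIT'

# rule_hits: read `iptables-save -c` text on stdin and print one line per
# rule in the form: table chain packets target
rule_hits() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*nat" starts a table
        /^\[[0-9]+:[0-9]+\] -A / {
            split(substr($1, 2), c, ":")            # "[3:180]" -> packets=3
            target = "-"
            for (i = 1; i < NF; i++) if ($i == "-j") target = $(i + 1)
            print table, $3, c[1], target
        }'
}

# rules_in_table TABLE: number of rules the dump holds for that table
rules_in_table() {
    printf '%s\n' "$SAMPLE" | rule_hits |
        awk -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

# unhit_rules: rules whose packet counter is still zero
unhit_rules() {
    printf '%s\n' "$SAMPLE" | rule_hits |
        awk '$3 == 0 { print $1 "/" $2 " -> " $4 }'
}

echo "filter rules (what iptables -L shows): $(rules_in_table filter)"
echo "nat rules (what iptables -t nat -L shows): $(rules_in_table nat)"
echo "rules that never matched a packet:"
unhit_rules
```

On a live host, replace the sample with the output of `iptables-save -c` run as root. A zero counter on the PREROUTING rule means no packet has matched it yet, for instance because the test connection did not arrive on the interface named by `-i`.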
