iptables help - Security


  1. iptables help

    I want to redirect all outgoing HTTP traffic to a Squid proxy. I tried:

    $IPTABLES -t nat -A PREROUTING -s 192.168.2.192 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128

    to test my intended rule:

    $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128

    However, it doesn't work... I can no longer access web pages at all, and
    Squid isn't seeing my requests at all. iptables -L doesn't show
    anything that has to do with the new rule. So, I botched something, but
    am not sure what :-)

    --
    * John Oliver http://www.john-oliver.net/ *

  2. Re: iptables help

    In comp.security.firewalls John Oliver wrote:
    > I want to redirect all outgoing HTTP traffic to a Squid proxy. I tried:
    >
    > $IPTABLES -t nat -A PREROUTING -s 192.168.2.192 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128
    >
    > to test my intended rule:
    >
    > $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128
    >
    > However, it doesn't work... I can no longer access web pages at all,
    > and Squid isn't seeing my requests at all. iptables -L doesn't show
    > anything that has to do with the new rule. So, I botched something,
    > but am not sure what :-)


    RTM

    http://tldp.org/HOWTO/TransparentProxy.html

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: iptables help


    iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128

    Found at http://www.visolve.com/squid/whitepa...ns_caching.php

    --
    jbeasley@sdf.lonestar.org
    SDF Public Access UNIX System - http://sdf.lonestar.org
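
An added example, not part of any post in this thread: `iptables -L` lists only the filter table, so NAT rules show up under `iptables -t nat -L` or in `iptables-save` output. The script below parses `iptables-save` text (the sample is constructed from the thread's addresses; the function names are hypothetical) and flags a port-80 DNAT that does not exempt the proxy's own address, on the assumption that the proxy sits behind the matched interface, where its own outbound fetches would be sent back to itself.

```shell
#!/bin/sh
# Added example, not from the thread. Live use: iptables-save | http_intercepts

# Constructed sample in iptables-save format, using the thread's addresses.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.231:3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Print "table target verdict" for each PREROUTING rule matching --dport 80.
# Heuristic (assumption): a DNAT rule should carry "! -s <proxy address>".
http_intercepts() {
  awk '
    /^\*/ { table = substr($0, 2); next }   # "*nat" or "*filter" starts a table
    $1 == "-A" && $2 == "PREROUTING" && / --dport 80( |$)/ {
      target = ""; dest = ""; exempt = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
        if ($i == "!" && $(i + 1) == "-s") exempt = $(i + 2)
      }
      sub(/:.*/, "", dest)      # drop the ":3128" port suffix
      sub(/\/.*/, "", exempt)   # drop the "/32" mask suffix
      verdict = "ok"
      if (target == "DNAT" && exempt != dest) verdict = "proxy-not-exempt"
      print table, target, verdict
    }'
}
```

Running `sample_ruleset | http_intercepts` reports the rule under the `nat` table; nothing is reported for `filter`, which is the table a bare `iptables -L` prints.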
