On Tue Aug 29 2000 at 17:11, Richard June wrote:

> I have a setup like this.
> Server connected to the internet.
> v
> -----[ ]------()
> | ^
> | Proxy machine.
> { }
> ^
> Network.
>
> Every computer in the network (172.17.0.0/16) uses the server for their
> default gw (172.17.0.1). I want to grab all the web traffic and redirect it
> to the proxy machine (172.17.0.90). What is it I would have to do to get this
> to work? I've tried redir, with no success, and marking the traffic then
> picking it out with the mfw module for ipmasqadm. The system is kernel
> 2.2.6 and I've compiled in all the stuff that ipmasqadm says it needs, but
> to no avail.
>
> Here's what I did to try redir.
> /sbin/ipchains -A input -p TCP -d 192.168.100.144/32 -j ACCEPT
> /sbin/ipchains -A input -p TCP -s 192.168.100.0/25 -d 0/0 www -j REDIRECT\
> 3128
> redir --lport 3128 --caddr=192.168.100.1 --cport=23 --syslog --name=REDIR --debug
>
> No packets showed up to redir.
> Any pointers would be appreciated.

Not the way to do it.

Use ipchains to "fwmark" the port 80 traffic you want to redirect, then
use this fwmark to send the packets to another routing table that sends
it to the proxy.

If you don't know how to do this, then you'll need to read all the
documentation that comes with /sbin/ip and /sbin/tc etc. You will also
need a kernel that has TOS and fwmark capability, along with all the
advanced stuff like routing policy and multiple routing tables.

Once you have this, it is not very difficult to set up what you want.
It works *really* well.

Cheers
Tony

-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <Tony@growzone.com.au>    Systems Administrator, RHCE
GrowZone OnLine (a project of) GrowZone Development Network
POBox 475 Toowoomba Queensland Australia 4350    Ph: 07 4637 8322
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
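Added example, not part of the original messages: one way the fwmark and policy-routing setup described in the reply could look on the gateway, using the network and proxy addresses from the question. The mark value 1, the table number 100, the APPLY switch and the function name are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Sketch for the gateway (172.17.0.1). Needs a kernel with fwmark and
# policy-routing support, as the reply points out.
LAN=172.17.0.0/16     # client network, from the question
PROXY=172.17.0.90     # proxy machine, from the question
MARK=1                # assumed fwmark value
TABLE=100             # assumed number for the extra routing table

# Dry run unless APPLY=1 is set: every command is echoed, not executed.
if [ "${APPLY:-0}" = 1 ]; then RUN=; else RUN=echo; fi

proxy_redirect_cmds() {
    # The proxy's own outbound web requests must leave unmarked, otherwise
    # they would be routed straight back to the proxy in a loop.
    $RUN /sbin/ipchains -A input -p tcp -s "$PROXY/32" -d 0/0 80 -j ACCEPT

    # Mark all other port 80 traffic from the LAN. No -j target is given,
    # so the rule marks the packet and rule processing continues.
    $RUN /sbin/ipchains -A input -p tcp -s "$LAN" -d 0/0 80 -m "$MARK"

    # Marked packets are looked up in the separate table ...
    $RUN /sbin/ip rule add fwmark "$MARK" table "$TABLE"

    # ... whose only route is a default route via the proxy.
    $RUN /sbin/ip route add default via "$PROXY" table "$TABLE"
    $RUN /sbin/ip route flush cache
}

# Packets reach the proxy with their original destination address, so the
# proxy host still needs its own local redirect of port 80 to the proxy port.
proxy_redirect_cmds
```

The two ipchains rules are appended in order, so the proxy exemption is evaluated before the marking rule.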