RE: Newbie in a deep trouble!!!


It works!!!!!!!!!!!

With these three lines:

iptables -t nat -A PREROUTING -p tcp -d 172.16.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.34.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-port 3128

Thank you to all!!!!

Elvis


-----Original Message-----
From: Jason Opperisano [mailto:Jopperisano@xxxxxxxxxxxxxxxx]
Sent: Wednesday, August 11, 2004 14:12
To: Elvis Aaron Presley; Netfilter
Subject: RE: Newbie in a deep trouble!!!


>
> First I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 172.16.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> OK, with this, the 10.34.x.x PCs can access the internet through the
> proxy and can view the web pages of the 172.16.x.x PCs ... It works!!!
>
> Then I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 10.34.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> With this, the 172.16.x.x PCs can access the internet through the
> proxy and can view the web pages of the 10.34.x.x PCs ... It works
> too!!!
>
> These commands work separately, but when I put the two at the same time it
> doesn't work.

it's because 10.34.0.0/16 matches "-d ! 172.16.0.0/16" and 172.16.0.0/16
matches "-d ! 10.34.0.0/16"

> Can anybody help me please????

i can try.  your PREROUTING rules should be, in order:

iptables -t nat -A PREROUTING -p tcp -d 172.16.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.34.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-port 3128

which allows traffic to 172.16.0.0/16 and 10.34.0.0/16 to pass without going
through the squid proxy, and anything else received on either eth2 or eth1
to get redirected to the squid cache.

-j
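
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of the nat PREROUTING chain that evaluates the two negated REDIRECT rules together and then the three-rule ordering. The sample destination addresses, the incoming interface given to each packet, and the ACCEPT chain policy are assumptions.

```python
import ipaddress

def rule(target, dst=None, dst_neg=False, not_iface=None):
    """Model of one 'iptables -t nat -A PREROUTING -p tcp --dport 80' rule."""
    net = ipaddress.ip_network(dst) if dst else None
    return {"target": target, "dst": net, "dst_neg": dst_neg, "not_iface": not_iface}

def matches(r, dst_ip, in_iface):
    if r["dst"] is not None:
        inside = ipaddress.ip_address(dst_ip) in r["dst"]
        if inside == r["dst_neg"]:  # "-d net" needs inside, "-d ! net" needs outside
            return False
    if r["not_iface"] is not None and in_iface == r["not_iface"]:
        return False                # "-i ! eth0" never matches packets from eth0
    return True

def verdict(rules, dst_ip, in_iface):
    """Target of the first matching rule; ACCEPT and REDIRECT both end traversal."""
    for r in rules:
        if matches(r, dst_ip, in_iface):
            return r["target"]
    return "ACCEPT"  # assumed chain policy

# The two negated rules loaded together: every address is outside at least
# one of the two subnets, so one of the rules always matches.
BROKEN = [
    rule("REDIRECT", "172.16.0.0/16", dst_neg=True),
    rule("REDIRECT", "10.34.0.0/16", dst_neg=True),
]

# The ordering from the reply: exempt both internal subnets first, then
# redirect whatever is left that did not arrive on eth0.
FIXED = [
    rule("ACCEPT", "172.16.0.0/16"),
    rule("ACCEPT", "10.34.0.0/16"),
    rule("REDIRECT", not_iface="eth0"),
]

# Constructed sample packets: (destination address, incoming interface)
SAMPLES = [("172.16.0.5", "eth1"), ("10.34.0.5", "eth2"), ("192.0.2.10", "eth1")]

if __name__ == "__main__":
    for dst, iface in SAMPLES:
        print(dst, iface, "broken:", verdict(BROKEN, dst, iface),
              "fixed:", verdict(FIXED, dst, iface))
```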



