On Mon, May 09, 2005 at 08:13:56PM +0200, Chadley Wilson wrote:
> Greetings
>
> My firewall / router has two interfaces.
> bond0 == internal
> eth0 == external
>
> I have an ftp server setup on the same box. If anyone on the internal network
> tries to access http 80 or ftp 20:21 I would like to route them regardless of
> the url entered to my ftp site.
>
> :} "evil I know"

um--it's called "transparent proxying" and i wouldn't refer to it as "evil."
that being said--the daemon listening on port 80/21 needs to support
transparent proxying (like squid), otherwise it's well..."evil" wouldn't be
*my* choice of words.

> iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 80 -j DNAT \
>   --to-dest 192.168.0.1 (ftp??)

iptables -t nat -A PREROUTING -i bond0 -p tcp --dport 80 \
  -j REDIRECT --to-ports $PROXY_PORT
iptables -A INPUT -i bond0 -p tcp --dport $PROXY_PORT -j ACCEPT

you'd also need rules to allow the firewall itself to go fetch the content for
the end user.

-j

--
"Stewie: Hidden missile behind the Great Wall? Ancient Chinese secret, huh?"
--Family Guy
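The complete ruleset the reply sketches, as an added example that is not from the original thread or its participants: it redirects internal HTTP and FTP control connections to proxies on the firewall, accepts them locally, and adds the rules the reply says are still needed for the firewall itself to fetch the content. The interface names bond0/eth0 come from the thread; PROXY_PORT, FTP_PROXY_PORT, FW_UID and the helper function names are assumptions made for this example. By default it only prints the iptables commands (dry run); set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example, not code from the original thread. Dry-run generator for the
# transparent-proxy ruleset the reply sketches: redirect internal HTTP and FTP
# control traffic to proxies on the firewall, accept it locally, and let the
# firewall's own proxy fetch the content. bond0/eth0 come from the thread;
# PROXY_PORT, FTP_PROXY_PORT and FW_UID are assumed placeholders.

IN_IF="${IN_IF:-bond0}"                   # internal interface (from the thread)
OUT_IF="${OUT_IF:-eth0}"                  # external interface (from the thread)
PROXY_PORT="${PROXY_PORT:-3128}"          # assumed HTTP proxy port (squid default)
FTP_PROXY_PORT="${FTP_PROXY_PORT:-2121}"  # assumed FTP proxy port
FW_UID="${FW_UID:-proxy}"                 # assumed uid the proxy daemons run as
IPT="${IPT:-echo iptables}"               # dry run; set IPT=iptables to apply

# Hosts on IN_IF connecting to $1/tcp are redirected to local port $2.
# REDIRECT, unlike the DNAT --to-dest 192.168.0.1 in the question, rewrites
# the destination to the address of the interface the packet arrived on, so
# nothing is hard-coded and the rule cannot loop: the proxy's own fetches
# leave via OUTPUT on eth0 and are never seen by PREROUTING on bond0.
redirect_to_local() {
    $IPT -t nat -A PREROUTING -i "$IN_IF" -p tcp --dport "$1" \
        -j REDIRECT --to-ports "$2"
}

# The redirected connections still have to pass INPUT to reach the daemon.
accept_proxy_port() {
    $IPT -A INPUT -i "$IN_IF" -p tcp --dport "$1" -j ACCEPT
}

# The proxy fetches on the client's behalf, so the firewall's own outbound
# connections to port $1 must be allowed along with their replies; matching
# the daemon's uid keeps this narrower than opening OUTPUT for everything.
allow_proxy_fetch() {
    $IPT -A OUTPUT -o "$OUT_IF" -p tcp --dport "$1" \
        -m owner --uid-owner "$FW_UID" -j ACCEPT
    $IPT -A INPUT -i "$OUT_IF" -p tcp --sport "$1" \
        -m state --state ESTABLISHED -j ACCEPT
}

build_ruleset() {
    redirect_to_local 80 "$PROXY_PORT"
    accept_proxy_port "$PROXY_PORT"
    allow_proxy_fetch 80
    # Only the FTP control channel is redirected; data connections (port 20
    # or passive ports) need the ip_conntrack_ftp helper or a proxy that
    # manages them itself.
    redirect_to_local 21 "$FTP_PROXY_PORT"
    accept_proxy_port "$FTP_PROXY_PORT"
    allow_proxy_fetch 21
}

build_ruleset
```

Run it once without IPT set to review the eight generated commands, then with IPT=iptables as root to load them. The proxy on PROXY_PORT (squid, for example) and the one on FTP_PROXY_PORT must be configured for transparent operation, otherwise the redirected clients will not get what they asked for.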