-i eth1 -o eth1 ??? How is this supposed to work? Is there any forward chain on one interface?

iptables -A FORWARD -s 192.168.0.10 -i eth1 -d 192.168.0.1 -o eth1 -p tcp --sport 1024:65535 --dport 3128 -j ACCEPT

Regards,
Edvin

--- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:

> On Mon, March 13, 2006 09:53, Nilesh wrote:
> > Thanks Leandro,
> >
> > I have tried with these rules but unfortunately not working.
> > Squid server running on the 192.168.0.3 and it's working fine. I have not installed any firewall on the 192.168.0.3.
> > In my Internet browser settings If I change the settings from 192.168.0.1:3128 to 192.168.0.3:3128 I can surf the web.
> > but If I don't change to 192.168.0.3:3128 proxy settings I get the connection timeout error.
> >
> > I think DNAT is not working
>
> Probably you tell Netfilter to do DNAT, but are not allowing it.
> Do you have a FORWARD rule that allows this traffic or is your policy ACCEPT ?
>
> Please don't top-post.
>
>
> Gr,
> Rob
>
> > --- Leandro Silva <lansoweb@xxxxxxxxx> wrote:
> >
> >> Hello !
> >>
> >> You can use something like that:
> >>
> >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> >>
> >> If you have iprange compiled for iptables you can use:
> >>
> >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> >>
> >> I hope this can help,
> >> Leandro
> >>
> >> 2006/3/11, Nilesh <niluforalways@xxxxxxxxx>:
> >> > Dear all,
> >> >
> >> > I have two squid proxy servers and two ISP
> >> >
> >> > 1) 192.168.0.1 port 3128
> >> > 2) 192.168.0.3 port 3128
> >> >
> >> > We have around 70 comps assigned IP's between 192.168.0.4 to 192.168.0.250
> >> > The default proxy we are using is 192.168.0.1 which is on the ISP 1.
> >> > Now I have configured 192.168.0.3 squid proxy server on ISP 2 line.
> >> > Both ISP 1 and ISP 2 are landing (connected) on the same Switch.
> >> >
> >> > Now I want to set up the request coming from IP range (192.168.0.10 to 192.168.0.20) for the 192.168.0.1:3128
> >> > Will be forward to 192.168.0.3:3128
> >> > So the users from this IP range will access only 192.168.0.3 proxy server.
> >> >
> >> > Could any one please help me which rules should I use in IPTABLES .
> >> >
> >> > I have attached herewith my rc.firewall file.
> >> >
> >> > Please help me.
> >> >
> >> > Regards
> >> > Nilesh.
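
The redirection discussed in this thread, written out end to end as an added example (not code from any of the posters, and not Nilesh's rc.firewall). It assumes the firewall host owns 192.168.0.1 on eth1, has IP forwarding enabled and has the iprange match available. The SNAT rule is an addition: without it 192.168.0.3 replies straight to the same-subnet client, which is waiting for an answer from 192.168.0.1 and drops the reply.

```shell
#!/bin/sh
# Added example: prints the rules by default; run as root with APPLY=1 to install.
# Assumed values (from the thread where given, otherwise constructed):
LAN_IF=eth1                        # single LAN interface on the gateway
OLD_PROXY=192.168.0.1              # address the browsers are configured with
NEW_PROXY=192.168.0.3              # Squid on the ISP 2 line
PORT=3128
CLIENTS=192.168.0.10-192.168.0.20  # hosts to move to the second proxy

# Run iptables when APPLY=1, otherwise only print the command.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

redirect_rules() {
    # 1. Rewrite the destination before the routing decision is made.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -m iprange --src-range "$CLIENTS" \
        -d "$OLD_PROXY" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$NEW_PROXY:$PORT"
    # 2. The rewritten packet is no longer local: it crosses FORWARD, in and
    #    out of the same interface, and the filter sees the NEW destination.
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -m iprange --src-range "$CLIENTS" \
        -d "$NEW_PROXY" -p tcp --dport "$PORT" -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. Make the proxy answer via the gateway so conntrack can undo the DNAT.
    ipt -t nat -A POSTROUTING -o "$LAN_IF" -m iprange --src-range "$CLIENTS" \
        -d "$NEW_PROXY" -p tcp --dport "$PORT" -j SNAT --to-source "$OLD_PROXY"
}

redirect_rules
```

With the SNAT rule in place, Squid on 192.168.0.3 sees every redirected request as coming from 192.168.0.1, so per-client attribution for that range has to come from the gateway's own logging.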