no there is only Forward default chain.
I am confused, I have attached herewith my rc.firewall could you please look into. If I am going wrong way.

Thanks
Nilesh,

--- Seferovic Edvin <edvin.seferovic@xxxxxxx> wrote:

> -i eth1 -o eth1 ??? How is this supposed to work? Is there any forward chain
> on one interface?
>
> iptables -A FORWARD -s 192.168.0.10 -i eth1 -d 192.168.0.1 -o eth1 -p tcp --sport 1024:65535 --dport 3128 -j ACCEPT.
>
> Regards,
>
> Edvin
>
> --- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
>
> > On Mon, March 13, 2006 09:53, Nilesh wrote:
> > > Thanks Leandro,
> > >
> > > I have tried with this rules but unfortunately not working.
> > > Squid server running on the 192.168.0.3 and it's working fine. I have not installed any firewall on the 192.168.0.3.
> > > In my Internet browser settings If I change the settings from 192.168.0.1:3128 to 192.168.0.3:3128 I can surf the web.
> > > but If I don't change to 192.168.0.3:3128 proxy settings I get the connection timeout error.
> > >
> > > I think DNAT is not working
> >
> > Probably you tell Netfilter to do DNAT, but are not allowing it.
> > Do you have a FORWARD rule that allows this traffic or is your policy ACCEPT ?
> >
> > Please don't top-post.
> >
> >
> > Gr,
> > Rob
> >
> >
> > > --- Leandro Silva <lansoweb@xxxxxxxxx> wrote:
> > >
> > >> Hello !
> > >>
> > >> You can use something like that:
> > >>
> > >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> > >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> > >>
> > >> If you have iprange compiled for iptables you can use:
> > >>
> > >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> > >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> > >>
> > >> I hope this can help,
> > >> Leandro
> > >>
> > >> 2006/3/11, Nilesh <niluforalways@xxxxxxxxx>:
> > >> > Dear all,
> > >> >
> > >> > I have two squid proxy servers and two ISP
> > >> >
> > >> > 1) 192.168.0.1 port 3128
> > >> > 2) 192.168.0.3 port 3128
> > >> >
> > >> > We have around 70 comps assigned IP's between 192.168.0.4 to 192.168.0.250
> > >> > The default proxy we are using is 192.168.0.1 which is on the ISP 1.
> > >> > Now I have configured 192.168.0.3 squid proxy server on ISP 2 line.
> > >> > Both ISP 1 and ISP 2 are landing (connected) on the same Switch.
> > >> >
> > >> > Now I want setup the request coming from IP range (192.168.0.10 to 192.168.0.20) for the 192.168.0.1:3128
> > >> > Will be forward to 192.168.0.3:3128
> > >> > So the users from this IP range will access only 192.168.0.3 proxy server.
> > >> >
> > >> > Could any one please help me which rules should I use in IPTABLES .
> > >> >
> > >> > I have attached herewith my rc.firewall file.
> > >> >
> > >> > Please help me.
> > >> >
> > >> > Regards
> > >> > Nilesh.
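An added example, not part of the thread or of anyone's rc.firewall: a small Python model of the order Rob's reply relies on, where nat/PREROUTING rewrites the destination before filter/FORWARD is evaluated, so a FORWARD rule has to match the post-DNAT address. It assumes the rules run on the host that receives the client's packet and that the FORWARD policy is DROP where stated; the `Packet` type, the function names and the post-DNAT rule are hypothetical, and interface and source-port matches are left out of the model.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def prerouting_dnat(pkt):
    """nat/PREROUTING: the iprange rules from the thread (tcp/80 and tcp/3128)."""
    lo, hi = ip_address("192.168.0.10"), ip_address("192.168.0.20")
    if lo <= ip_address(pkt.src) <= hi and pkt.dport in (80, 3128):
        return replace(pkt, dst="192.168.0.3", dport=3128)
    return pkt


def forward_verdict(pkt, rules, policy):
    """filter/FORWARD: first matching rule wins, otherwise the chain policy."""
    for match, target in rules:
        if all(getattr(pkt, field) == value for field, value in match.items()):
            return target
    return policy


def traverse(pkt, rules, policy):
    """PREROUTING runs before routing, so FORWARD sees the rewritten packet."""
    rewritten = prerouting_dnat(pkt)
    return rewritten, forward_verdict(rewritten, rules, policy)


# Constructed sample: a client in the redirected range using the old proxy address.
CLIENT_REQUEST = Packet(src="192.168.0.10", dst="192.168.0.1", dport=3128)

# The FORWARD rule quoted in the thread matches the pre-DNAT destination.
RULE_FROM_THREAD = ({"src": "192.168.0.10", "dst": "192.168.0.1", "dport": 3128}, "ACCEPT")
# Hypothetical variant matching the destination the packet carries after DNAT.
RULE_POST_DNAT = ({"src": "192.168.0.10", "dst": "192.168.0.3", "dport": 3128}, "ACCEPT")

if __name__ == "__main__":
    for name, rules, policy in [
        ("thread rule, policy DROP (assumed)", [RULE_FROM_THREAD], "DROP"),
        ("post-DNAT rule, policy DROP (assumed)", [RULE_POST_DNAT], "DROP"),
        ("no rules, policy ACCEPT", [], "ACCEPT"),
    ]:
        print(name, "->", traverse(CLIENT_REQUEST, rules, policy))
```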