Sorry, earlier mail was without attachment.

--- Nilesh <niluforalways@xxxxxxxxx> wrote:

> no there is only Forward default chain.
> I am confused, I have attached herewith my rc.firewall,
> could you please look into. If I am going wrong way.
>
> Thanks
> Nilesh,
>
> --- Seferovic Edvin <edvin.seferovic@xxxxxxx> wrote:
>
> > -i eth1 -o eth1 ??? How is this supposed to work? Is there any
> > forward chain on one interface?
> >
> > iptables -A FORWARD -s 192.168.0.10 -i eth1 -d 192.168.0.1 -o eth1 -p tcp --sport 1024:65535 --dport 3128 -j ACCEPT
> >
> > Regards,
> >
> > Edvin
> >
> > --- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:
> >
> > > On Mon, March 13, 2006 09:53, Nilesh wrote:
> > > > Thanks Leandro,
> > > >
> > > > I have tried with these rules but unfortunately not working.
> > > > Squid server running on the 192.168.0.3 and it's working fine.
> > > > I have not installed any firewall on the 192.168.0.3.
> > > > In my Internet browser settings, if I change the settings from
> > > > 192.168.0.1:3128 to 192.168.0.3:3128 I can surf the web,
> > > > but if I don't change to 192.168.0.3:3128 proxy settings I get
> > > > the connection timeout error.
> > > >
> > > > I think DNAT is not working
> > >
> > > Probably you tell Netfilter to do DNAT, but are not allowing it.
> > > Do you have a FORWARD rule that allows this traffic or is your
> > > policy ACCEPT ?
> > >
> > > Please don't top-post.
> > >
> > >
> > > Gr,
> > > Rob
> > >
> > > > --- Leandro Silva <lansoweb@xxxxxxxxx> wrote:
> > > >
> > > >> Hello !
> > > >>
> > > >> You can use something like that:
> > > >>
> > > >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> > > >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> > > >>
> > > >> If you have iprange compiled for iptables you can use:
> > > >>
> > > >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> > > >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> > > >>
> > > >> I hope this can help,
> > > >> Leandro
> > > >>
> > > >> 2006/3/11, Nilesh <niluforalways@xxxxxxxxx>:
> > > >> > Dear all,
> > > >> >
> > > >> > I have two squid proxy servers and two ISP
> > > >> >
> > > >> > 1) 192.168.0.1 port 3128
> > > >> > 2) 192.168.0.3 port 3128
> > > >> >
> > > >> > We have around 70 comps assigned IPs between
> > > >> > 192.168.0.4 to 192.168.0.250
> > > >> > The default proxy we are using is 192.168.0.1 which is
> > > >> > on the ISP 1.
> > > >> > Now I have configured 192.168.0.3 squid proxy server
> > > >> > on ISP 2 line.
> > > >> > Both ISP 1 and ISP 2 are landing (connected) on the
> > > >> > same Switch.
> > > >> >
> > > >> > Now I want to set up the requests coming from IP range
> > > >> > (192.168.0.10 to 192.168.0.20) for the 192.168.0.1:3128
> > > >> > to be forwarded to 192.168.0.3:3128
> > > >> > So the users from this IP range will access only
> > > >> > 192.168.0.3 proxy server.
> > > >> >
> > > >> > Could anyone please help me which rules should I use
> > > >> > in IPTABLES.
> > > >> >
> > > >> > I have attached herewith my rc.firewall file.
> > > >> >
> > > >> > Please help me.
> > > >> >
> > > >> > Regards
> > > >> > Nilesh.

Attachment:
rc.firewall
Description: 543152633-rc.firewall
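
The question raised in the thread about DNAT being configured but not allowed, as an added example that is not part of the original mails: a small Python model of the order in which Netfilter evaluates nat PREROUTING and filter FORWARD, showing which destination address a FORWARD rule has to match. The DROP policy, the rule tuples and the sample packet are assumptions made for the illustration; interfaces and source ports are left out, and only the first packet from client to proxy is modelled.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def in_range(ip, lo, hi):
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi)

def prerouting(pkt):
    """nat PREROUTING, modelled on the iprange DNAT rules quoted in the thread."""
    if in_range(pkt.src, "192.168.0.10", "192.168.0.20") and pkt.dport in (80, 3128):
        return replace(pkt, dst="192.168.0.3", dport=3128)
    return pkt

def forward(pkt, rules, policy):
    """filter FORWARD: first matching rule wins, otherwise the chain policy applies."""
    for match, target in rules:
        if all(getattr(pkt, field) == value for field, value in match.items()):
            return target
    return policy

def traverse(pkt, rules, policy="DROP"):
    # PREROUTING runs before the routing decision and FORWARD,
    # so FORWARD is evaluated against the rewritten destination.
    return forward(prerouting(pkt), rules, policy)

# The FORWARD rule quoted in the thread matches the pre-DNAT destination.
QUOTED_RULE = ({"src": "192.168.0.10", "dst": "192.168.0.1", "dport": 3128}, "ACCEPT")
# Hypothetical variant matching the post-DNAT destination instead.
POST_DNAT_RULE = ({"src": "192.168.0.10", "dst": "192.168.0.3", "dport": 3128}, "ACCEPT")

# Constructed packet: a client in the redirected range using the old proxy setting.
CLIENT_PKT = Packet(src="192.168.0.10", dst="192.168.0.1", dport=3128)

if __name__ == "__main__":
    for name, rules in (("quoted rule", [QUOTED_RULE]), ("post-DNAT rule", [POST_DNAT_RULE])):
        print(f"{name}: {traverse(CLIENT_PKT, rules)}")
```

On a live system, the packet counters shown by `iptables -t nat -L PREROUTING -v -n` and `iptables -L FORWARD -v -n` tell the same story: a DNAT rule whose counter increases while no FORWARD ACCEPT rule counts the same packets.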