Hi Rob,

Sorry Rob and team, I could not send you the output of iptables because I was on vacation. Now I am back to work. I have also attached my rc.firewall file.
Please help me to forward requests to 192.168.0.3.

Here is the output:

[root@bugtrack rc.d]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target           prot opt in     out     source               destination
    0     0 ACCEPT           all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  604 99765 ACCEPT           all  --  eth1   *       192.168.0.0/24       0.0.0.0/0
    0     0 drop-and-log-it  all  --  ppp0   *       192.168.0.0/24       0.0.0.0/0
  917  830K ACCEPT           all  --  ppp0   *       0.0.0.0/0            59.95.10.98
    0     0 ACCEPT           all  --  ppp0   *       0.0.0.0/0            59.95.10.98         state RELATED,ESTABLISHED
   23  1157 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target           prot opt in     out     source               destination
 2075  265K ACCEPT           all  --  ppp0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 3366 4209K ACCEPT           all  --  eth1   ppp0    0.0.0.0/0            0.0.0.0/0
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target           prot opt in     out     source               destination
    0     0 ACCEPT           all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT           all  --  *      eth1    59.95.10.98          192.168.0.0/24
  736  717K ACCEPT           all  --  *      eth1    192.168.0.0/24       192.168.0.0/24
    0     0 drop-and-log-it  all  --  *      ppp0    0.0.0.0/0            192.168.0.0/24
  901  132K ACCEPT           all  --  *      ppp0    59.95.10.98          0.0.0.0/0
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT           tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80

Chain drop-and-log-it (5 references)
 pkts bytes target           prot opt in     out     source               destination
   23  1157 LOG              all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6
   23  1157 REJECT           all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
[root@bugtrack rc.d]#
[root@bugtrack rc.d]# iptables -L
Chain INPUT (policy ACCEPT)
target           prot opt source               destination
ACCEPT           all  --  anywhere             anywhere
ACCEPT           all  --  192.168.0.0/24       anywhere
drop-and-log-it  all  --  192.168.0.0/24       anywhere
ACCEPT           all  --  anywhere             59.95.10.98
ACCEPT           all  --  anywhere             59.95.10.98         state RELATED,ESTABLISHED
drop-and-log-it  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target           prot opt source               destination
ACCEPT           all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT           all  --  anywhere             anywhere
drop-and-log-it  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target           prot opt source               destination
ACCEPT           all  --  anywhere             anywhere
ACCEPT           all  --  59.95.10.98          192.168.0.0/24
ACCEPT           all  --  192.168.0.0/24       192.168.0.0/24
drop-and-log-it  all  --  anywhere             192.168.0.0/24
ACCEPT           all  --  59.95.10.98          anywhere
drop-and-log-it  all  --  anywhere             anywhere
ACCEPT           tcp  --  anywhere             anywhere            state NEW tcp dpt:http

Chain drop-and-log-it (5 references)
target           prot opt source               destination
LOG              all  --  anywhere             anywhere            LOG level info
REJECT           all  --  anywhere             anywhere            reject-with icmp-port-unreachable

--- Rob Sterenborg <rob@xxxxxxxxxxxxxxx> wrote:

> Please reply back to the list and STOP TOPPOSTING.
>
> On Tue, March 14, 2006 11:33, Nilesh wrote:
> > Thanks Rob,
> >
> > I have tried a lot with these rules but am unable to
> > forward/redirect traffic.
> > Rob, my question is very simple: I want to forward/redirect
> > traffic coming from IP 192.168.0.10 for 192.168.0.1:3128
> > to 192.168.0.3:3128
>
> Yes I know what the question is. But if it's so simple, then why doesn't it
> work already ?
>
> > The detail about network.
> > We have two Internet service providers.
> > The scenario is 192.168.0.1 is on my Internet Service
> > Provider (ISP) 1 and now I have installed a second proxy server
> > on another comp which is 192.168.0.3 on the ISP 2 connection.
> > We have assigned the IPs to our internal machines from range
> > 192.168.0.4 to 192.168.0.250.
> > We have some bandwidth upload/download limitations on
> > the ISP 1.
> > I want to use the 192.168.0.3 proxy server for some
> > IPs. I have taken the example of the 192.168.0.10 IP.
> > The browser setting of the 192.168.0.10 comp is
> > 192.168.0.1:3128
> >
> > I want to set up the firewall on 192.168.0.1 so the
> > request coming from 192.168.0.10 for
> > 192.168.0.1:3128 will be forwarded to IP 192.168.0.3:3128
> > so he/she will invisibly use the proxy
> > 192.168.0.3:3128
> >
> > Could you please help me to solve the problem?
>
> The rules I wrote should do what you want to do.
>
> > $ipt -t nat -A PREROUTING -i eth1 -s 192.168.0.10 \
> >   -p tcp --dport 3128 -j DNAT --to 192.168.0.3
>
> This specifies that packets to 192.168.0.1:3128 are redirected to 192.168.0.3
> (same port).
>
> > $ipt -A FORWARD -i eth1 -s 192.168.0.10 \
> >   -d 192.168.0.3 -p tcp --dport 3128 -j ACCEPT
>
> This allows it to happen, but policy is ACCEPT anyway so this rule should
> actually be of no use (unless another rule blocks it).
>
> If it doesn't work, could you please show us the output of : "iptables -nvL".
>
>
> Gr,
> Rob
Attachment:
rc.firewall
Description: 543152633-rc.firewall
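
The FORWARD chain from the listing above, walked rule by rule for the redirected connection, as an added example that is not part of the original message or of the attached rc.firewall. The three FORWARD rows are copied from the posted "iptables -nvL" output; the row for the suggested FORWARD ACCEPT rule, the sample packet, the function names and the assumption that traffic to 192.168.0.3 leaves via eth1 are constructed for illustration.

```python
import ipaddress

# FORWARD rows copied from the "iptables -nvL" listing in the message above.
# Columns: pkts bytes target prot opt in out source destination [matches]
FORWARD_AS_POSTED = [
    "2075 265K ACCEPT all -- ppp0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED",
    "3366 4209K ACCEPT all -- eth1 ppp0 0.0.0.0/0 0.0.0.0/0",
    "0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0",
]
# Constructed row: how the suggested FORWARD ACCEPT rule would be listed.
REDIRECT_ACCEPT = "0 0 ACCEPT tcp -- eth1 * 192.168.0.10 192.168.0.3 tcp dpt:3128"

# Constructed packet: first SYN from 192.168.0.10 after the PREROUTING DNAT
# rewrote its destination to 192.168.0.3. Leaving via eth1 is an assumption
# (192.168.0.3 sits in the LAN range served by eth1).
DNATTED_SYN = {"in": "eth1", "out": "eth1", "prot": "tcp", "state": "NEW",
               "src": "192.168.0.10", "dst": "192.168.0.3", "dport": 3128}


def rule_matches(row, pkt):
    """True if one listing row matches the packet on every field it names."""
    f = row.split()
    prot, in_if, out_if, src, dst, extra = f[3], f[5], f[6], f[7], f[8], f[9:]
    if prot not in ("all", pkt["prot"]):
        return False
    if in_if not in ("*", pkt["in"]) or out_if not in ("*", pkt["out"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(dst):
        return False
    for i, tok in enumerate(extra):
        if tok == "state" and pkt["state"] not in extra[i + 1].split(","):
            return False
        if tok.startswith("dpt:") and int(tok[4:]) != pkt["dport"]:
            return False
    return True


def verdict(rows, pkt, policy="ACCEPT"):
    """Return the target of the first matching row, or the chain policy."""
    for row in rows:
        if rule_matches(row, pkt):
            return row.split()[2]
    return policy


if __name__ == "__main__":
    print("as posted:        ", verdict(FORWARD_AS_POSTED, DNATTED_SYN))
    print("rule appended:    ", verdict(FORWARD_AS_POSTED + [REDIRECT_ACCEPT], DNATTED_SYN))
    print("rule placed first:", verdict([REDIRECT_ACCEPT] + FORWARD_AS_POSTED, DNATTED_SYN))
```

"iptables -nvL" lists only the filter table, so the DNAT rule itself has to be checked with "iptables -t nat -nvL". Because 192.168.0.10 and 192.168.0.3 share the 192.168.0.0/24 segment, replies from the second proxy return directly to the client unless the firewall also source-NATs the redirected connection.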