REDIRECT to different interfaces.


Hello all. This is my first time on this mailing list. I am trying to alter
the iptables rules in my SmoothWall firewall to allow transparent web proxy
on different network interfaces. The stock configuration of the firewall is
to allow web proxy on just the green interface. I have altered it so that it
will allow web proxy on green (eth0) and orange (eth1). These are the
default rules in the rc.firewall.up configuration.

# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -j ACCEPT
.
.
.
# squid
/sbin/iptables -t nat -N squid
/sbin/iptables -t nat -N jmpsquid
/sbin/iptables -t nat -A jmpsquid -d 10.0.0.0/8 -j RETURN
/sbin/iptables -t nat -A jmpsquid -d 172.16.0.0/12 -j RETURN
/sbin/iptables -t nat -A jmpsquid -d 192.168.0.0/16 -j RETURN
/sbin/iptables -t nat -A jmpsquid -d 192.168.10.0/16 -j RETURN
/sbin/iptables -t nat -A jmpsquid -d 169.254.0.0/16 -j RETURN
/sbin/iptables -t nat -A jmpsquid -j squid
/sbin/iptables -t nat -A PREROUTING -i $GREEN_DEV -j jmpsquid
.
.
.
And the "restartsquid" script adds the rule
/sbin/iptables -t nat -A squid -p tcp --dport 80 -j REDIRECT --to-ports 800

if transparent proxy is enabled. I have modified the chains and added

/sbin/iptables -A INPUT -i $ORANGE_DEV -j ACCEPT
to the INPUT chain and
/sbin/iptables -t nat -A PREROUTING -i $ORANGE_DEV -j jmpsquid
to the PREROUTING chain.

I have also changed the redirect rule to
/sbin/iptables -t nat -A squid -p tcp --dport 80 -j REDIRECT --to-ports 8080
if a content filter is enabled (i.e. DansGuardian), or leave it as a redirect to
800 if DansGuardian is not running.

What I want to do is only redirect to a specific interface depending on what is
enabled. What I have tried is this

/sbin/iptables -t nat -A squid -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 800
/sbin/iptables -t nat -A squid -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 800

And I want to be able to do something like this

/sbin/iptables -t nat -A squid -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
/sbin/iptables -t nat -A squid -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 800

to REDIRECT tcp going to green (eth0) on port 80 to port 8080 if the content
filter is enabled ON GREEN, and REDIRECT tcp going to orange (eth1) on port 80
to port 800 if the content filter is turned off ON ORANGE.

So far everything I have tried has failed. It will not REDIRECT port 80 to
800 or port 80 to 8080 on a specific interface. It only seems to work for
source of anywhere and destination of anywhere.

Would someone be able to show me how to REDIRECT to a specific port AND
interface?

Thank you,

Stan
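
The per-interface rule set described in the post, as an added example (not code from the post or from SmoothWall): a small POSIX shell script that picks 8080 or 800 per interface, rebuilds the user-defined "squid" nat chain, and defaults to a dry run (IPTABLES is "echo" unless overridden). The yes/no filter flags and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the REDIRECT rules for
# the "squid" chain that PREROUTING jumps to (via jmpsquid) on each interface.
# Dry run by default: commands are printed, not applied. Set IPTABLES=/sbin/iptables
# (as root) to apply them for real.
IPTABLES="${IPTABLES:-echo /sbin/iptables}"

# Port to redirect to: 8080 when the content filter (DansGuardian) handles
# that interface, 800 (plain squid) otherwise. $1 is "yes" or "no" (assumed flag).
redirect_port() {
    if [ "$1" = "yes" ]; then echo 8080; else echo 800; fi
}

# One rule for the squid chain. The chain is reached from PREROUTING, so an
# incoming-interface match (-i) is still valid here. $1 = interface, $2 = port.
squid_rule() {
    printf '%s\n' "-t nat -A squid -i $1 -p tcp --dport 80 -j REDIRECT --to-ports $2"
}

# Rules for green and orange, each with its own filter setting.
# $1 = green device, $2 = filter on green, $3 = orange device, $4 = filter on orange.
build_squid_rules() {
    squid_rule "$1" "$(redirect_port "$2")"
    squid_rule "$3" "$(redirect_port "$4")"
}

# Flush the squid chain first so re-running the script does not stack duplicate
# rules (stacked rules are a common reason "the rule that matches" is not the
# one you think), then add the fresh rule set.
apply_squid_rules() {
    $IPTABLES -t nat -F squid
    build_squid_rules "$@" | while IFS= read -r rule; do
        # word splitting of $rule into separate arguments is intended here
        $IPTABLES $rule
    done
}

# Scenario from the post: filter enabled on green (eth0), disabled on orange (eth1).
apply_squid_rules eth0 yes eth1 no
```

After applying for real, `iptables -t nat -L squid -v -n` shows per-rule packet counters, which tells you directly whether traffic arriving on each interface is hitting its own rule or falling through.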


