Aleksei Bebinov wrote:
I do so :
---------------
cat /etc/config/kg-nets | while read LINE
do
#iptables -t nat -A PREROUTING -i br-lan -d ! $LINE -p tcp -m multiport --dports 80 -j DNAT --to-destination pr.oxy.ip:3128
done
--------------------------------------------
My script cats the file line by line and adds excluding rules (with !)
for nets that I don't need to redirect.
BUT!
If only one rule (for one subnet) persists in the table it works fine, and
if I add a second one, with a second net, all the traffic is redirected to
the proxy without any exclusions.
Wrong rule for your needs. Maybe:
for LINE in `cat /etc/config/kg-nets`; do
iptables -t nat -A PREROUTING -i br-lan -d $LINE -p tcp --dport 80 -j ACCEPT
done
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j DNAT --to-destination pr.oxy.ip:3128
will do it.
If someone asks me ONE single tip for making iptables easier, I
would say "do NOT use negation rules, those with !" ..... They work just
fine, but people rarely understand that it won't allow multiple
exclusions and will keep fighting with that. Anyway, anything done with
negation rules can be written as other single (and easier to understand)
rules.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
My SPAM trap, do NOT send email
gertrudes@xxxxxxxxxxxxxx
My SPAMTRAP, do not email it
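Added example, not code from either poster: a small POSIX sh script that reproduces the two rule styles from this thread with first-match-wins semantics, so the difference can be checked without touching a live firewall, and that emits (or applies) the ACCEPT-then-DNAT chain from the reply. pr.oxy.ip:3128 and /etc/config/kg-nets are the thread's own placeholders; the IPT and PROXY variables, the helper names and the sample networks are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread). Simulates nat PREROUTING rule evaluation
# for the two chains discussed above and builds the recommended rule set.
# IPT defaults to a dry run that only prints the iptables commands.

: "${IPT:=echo iptables}"      # set IPT=iptables to apply the rules for real
: "${PROXY:=pr.oxy.ip:3128}"   # placeholder proxy taken from the thread

# Dotted-quad IPv4 address -> integer.
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR NET/PREFIX: succeeds when ADDR lies inside NET/PREFIX.
in_net() {
    _net=${2%/*}; _bits=${2#*/}
    [ "$_bits" = "$2" ] && _bits=32            # bare address means /32
    _mask=$(( (4294967295 << (32 - _bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & _mask )) -eq $(( $(ip2int "$_net") & _mask )) ]
}

# Verdict of the original poster's chain: one "! -d NET -j DNAT" rule per
# excluded net. The first rule whose net does NOT contain the destination
# fires, so with two or more nets every destination gets redirected.
verdict_negation() {                            # $1 = destination, $2.. = nets
    _ip=$1; shift
    for _n in "$@"; do
        in_net "$_ip" "$_n" || { echo DNAT; return 0; }
    done
    echo PASS
}

# Verdict of the chain from the reply: one "-d NET -j ACCEPT" per excluded
# net (ACCEPT ends traversal of the nat chain), then an unconditional DNAT.
verdict_accept() {
    _ip=$1; shift
    for _n in "$@"; do
        in_net "$_ip" "$_n" && { echo PASS; return 0; }
    done
    echo DNAT
}

# Emit (or apply, when IPT=iptables) the reply's rules for every network listed
# one per line in NETSFILE; blank lines and # comments are skipped.
build_redirect_rules() {
    while read -r _n; do
        case $_n in ''|'#'*) continue ;; esac
        $IPT -t nat -A PREROUTING -i br-lan -d "$_n" -p tcp --dport 80 -j ACCEPT
    done < "$1"
    $IPT -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j DNAT --to-destination "$PROXY"
}

# Usage: IPT=iptables sh redirect.sh /etc/config/kg-nets   (omit IPT= for a dry run)
if [ $# -ge 1 ]; then
    build_redirect_rules "$1"
fi
```

With two excluded nets, `verdict_negation 10.1.0.5 10.1.0.0/24 10.2.0.0/24` answers DNAT because the second negated rule matches an address that is only inside the first net, which is exactly the behaviour the original post describes; `verdict_accept` with the same arguments answers PASS, and only destinations outside every listed net reach the final DNAT.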
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html