Is there a trick to getting a secureNAT connection to work through the
proxy server with the following iptables setting? Do I have to make
another rule like the one below for each port that is required?

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Thank you

On Wed, Apr 27, 2011 at 7:45 AM, Mike Hendrie <mike@xxxxxxxxxxxxxx> wrote:
> I tried:
> sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j
> REDIRECT --to- 8080
> iptables -t nat -A POSTROUTING -s 172.20.0.0/16 -j MASQUERADE
>
> And still ended up with the same message:
>
> ERROR
> The requested URL could not be retrieved
>
> --------------------------------------------------------------------------------
>
> The following error was encountered while trying to retrieve the URL:
> http://twinlakes.k12.wi.us/
>
> Connection to 216.56.4.133 failed.
>
> The system returned: (110) Connection timed out
>
> The remote host or network may be down. Please try the request again.
>
> Your cache administrator is webmaster.
>
> --------------------------------------------------------------------------------
>
> Generated Wed, 27 Apr 2011 12:46:38 GMT by localhost (squid/2.7.STABLE9)
>
> On Wed, Apr 27, 2011 at 7:17 AM, Vigneswaran R <vignesh@xxxxxxxxxxx> wrote:
>> On 04/27/2011 04:56 PM, Mike Hendrie wrote:
>>>
>>> Thanks for the response. Once I implemented your suggestion, I get the
>>> following error when trying to access the school's website from WITHIN
>>> the LAN. Why can it not find the URL?
>>>
>>> ERROR
>>>
>>> The requested URL could not be retrieved
>>>
>>> The following error was encountered while trying to retrieve the URL:
>>> http://www.twinlakes.k12.wi.us/
>>>
>>> Connection to 216.56.4.133 failed.
>>> The system returned: (110) Connection timed out
>>
>> I assume that you want to give access to the Internet for all the machines
>> in the LAN, through your "PROXY" server. ie., making the server an Internet
>> Gateway.
>>
>> If so, the following should work,
>>
>> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
>>
>> Here, replace the 192.168.1.0/24 with the correct IP address range used in
>> your LAN. Please ensure that all the machines have the default route
>> pointing to the server.
>>
>> This allows, all kinds of traffic like http, ftp, ssh etc., to the public
>> sites. If necessary, add further iptables rules to restrict this. Hope this
>> helps.
>>
>>
>> Regards,
>> Vignesh
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>
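
Added example, not part of the thread: a shell function that prints an `iptables-restore` ruleset combining the port-80 REDIRECT and the MASQUERADE rule from the messages above with FORWARD rules that restrict what the LAN may reach, so a list of allowed ports takes one `multiport` rule rather than one rule per port. The WAN interface `eth0`, the port list and the function name `gateway_rules` are assumptions; `eth1`, `172.20.0.0/16` and port 8080 come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for a
# LAN gateway: HTTP is intercepted for the local proxy, other traffic is NATed,
# and the FORWARD chain only admits an allow-list of destination TCP ports.
# Usage (interface eth0 and the port list are assumed values):
#   gateway_rules eth1 eth0 172.20.0.0/16 8080 443,22,21 | iptables-restore --test

gateway_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3 proxy_port=$4 allowed=$5

    # Accept only a comma-separated list of port numbers (multiport takes up to 15)
    case $allowed in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $allowed" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# HTTP from the LAN is handed to the local proxy: one rule, port 80 only
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Forwarded LAN traffic leaves with the gateway's WAN address
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies belonging to connections the LAN already opened
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New LAN connections: only the listed TCP ports, in a single multiport rule
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp -m multiport --dports $allowed -m conntrack --ctstate NEW -j ACCEPT
# DNS lookups from the LAN
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}
```

Piping the output to `iptables-restore --test` parses it without committing; loading it for real replaces the existing nat and filter tables. The proxy's own outbound requests use the OUTPUT chain, so the FORWARD restrictions do not apply to them.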