On July 20, 2004 09:25 am, Mike Burger wrote:
> I've got a pretty good iptables firewall in place which, at present,
> allows fairly broad access to the net from the machines behind the
> firewall.
>
> What I'd like to do, now, is have the firewall forward outbound packets
> for port 80 (to any address) to port 8080 on my server, which will then
> proxy (DansGuardian+Squid or Privoxy).
>
> I've tried this (keeping in mind that I'm trying it for one system, first,
> before implementing it network-wide):
>
> $IPTABLES -t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080
> $IPTABLES -A FORWARD -i eth1 -p tcp --dport 80 -m state --state NEW -d 192.168.0.1 -j ACCEPT
>
> I've tried using a "REDIRECT", but then connections go absolutely
> nowhere...it seems that REDIRECT only works on the local system, not
> across the network.
>
> But then the proxies don't actually grab any info and present it back to
> the browser.
>
> If I set up direct proxy connections in the browsers, though, to the proxy
> server at 8080, it works just fine.
>
> Maybe it's not an iptables setting, but a proxy server setting I want?
> I'm at a loss.
> --
> Mike Burger
> http://www.bubbanfriends.org
>

Mike,

Your FORWARD rules are performed on the output of the PREROUTING. So, presuming 192.168.0.4 is the test station on the LAN & 192.168.0.1 is the proxy server, you should be using "--dport 8080" not "--dport 80" in the FORWARD.

--
Pete Nesbitt, rhce
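The ordering described in the reply (the FORWARD chain sees the packet only after the PREROUTING DNAT has rewritten it), shown as a simplified model. This is an added example, not part of the original thread: the class and function names, the DROP fall-through and the 203.0.113.10 destination are assumptions, and the proxy is taken to be a separate host so that the packet is forwarded.

```python
# Simplified model of netfilter hook order for a forwarded packet:
# nat/PREROUTING runs first, then filter/FORWARD matches on the result.
# Packet, dnat_prerouting, forward_verdict and traverse are hypothetical
# names; addresses, ports and eth1 are taken from the thread.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "NEW"


def dnat_prerouting(pkt):
    """-t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 80 -j DNAT --to 192.168.0.1:8080"""
    if pkt.src == "192.168.0.4" and pkt.proto == "tcp" and pkt.dport == 80:
        # DNAT rewrites destination address and port before routing.
        return replace(pkt, dst="192.168.0.1", dport=8080)
    return pkt


def forward_verdict(pkt, rule_dport, policy="DROP"):
    """-A FORWARD -i eth1 -p tcp --dport <rule_dport> -m state --state NEW -d 192.168.0.1 -j ACCEPT"""
    matches = (pkt.in_if == "eth1" and pkt.proto == "tcp"
               and pkt.dport == rule_dport and pkt.state == "NEW"
               and pkt.dst == "192.168.0.1")
    # Assumption: nothing else in FORWARD matches, so the policy decides.
    return "ACCEPT" if matches else policy


def traverse(pkt, rule_dport):
    """Run the packet through PREROUTING, then FORWARD."""
    return forward_verdict(dnat_prerouting(pkt), rule_dport)


# Constructed sample: the test station opening a web connection
# (203.0.113.10 is a documentation address standing in for any site).
SAMPLE = Packet(in_if="eth1", src="192.168.0.4", dst="203.0.113.10", dport=80)

if __name__ == "__main__":
    print("after PREROUTING    :", dnat_prerouting(SAMPLE))
    print("FORWARD --dport 80  :", traverse(SAMPLE, 80))
    print("FORWARD --dport 8080:", traverse(SAMPLE, 8080))
```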