----- Original Message -----
From: "Mark McRitchie" <mark@xxxxxxxxxx>
To: <list@xxxxxxxxxxxx>
Sent: Wednesday, March 12, 2003 11:42 AM
Subject: [LUG] iptables Connection redirection

> I've got a Debian box running squid and being used as a gateway.
>
> I'm trying to transparently redirect http traffic not using the
> proxy and being NAT'd to go via the proxy so it hits the block lists.
>
> I've tried:
> # iptables -t nat -A PREROUTING -s 10.44.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> and
>
> # iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.44.1.107:3128
>
> But that isn't working and I can't find it listed in my rules.
>
> Anybody doing a similar thing and got it working? I'm getting fed up
> looking at playboy.com to test this! ;-)
>

I had a quick look with Google and found this, which may help when an httpd is running on port 80:

# iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j ACCEPT
# iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

If no httpd is running:

# iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j REJECT
# iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

Hope that helps.

Andrew

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
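Added example, not part of either message above: a check for the "can't find it listed in my rules" symptom. `iptables -L` without `-t` lists only the filter table, so NAT rules appear only under `iptables -t nat -L` or in `iptables-save` output; the function below reads such a dump and reports whether a redirect of the given port to the proxy port exists in nat PREROUTING. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an iptables-save dump (on stdin) holds a
# nat/PREROUTING rule sending TCP destination port $1 to proxy port $2.
find_proxy_redirect() {
    awk -v dport="$1" -v pport="$2" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": table start
        $1 == "-A" {
            target = ""; dp = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dp = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i ~ /^--to/)    to = $(i + 1)  # --to-ports / --to-destination
            }
            # Only nat PREROUTING rules for the requested port are relevant.
            if (table != "nat" || $2 != "PREROUTING" || dp != dport) next
            if (target == "REDIRECT" && to == pport) found = 1
            if (target == "DNAT" && to ~ (":" pport "$")) found = 1
        }
        END { if (found) print "present"; else print "missing" }
    '
}

# Constructed sample in iptables-save format (not output from the poster's box).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 10.44.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

sample_ruleset | find_proxy_redirect 80 3128
```

On a live gateway the same check runs as root with `iptables-save | find_proxy_redirect 80 3128`.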