Newbie in a deep trouble!!!
Elvis Aaron Presley
elvisa@terra.es
Thu, 12 Aug 2004 10:09:54 +0200
It works!!!!!!!!!!!
With these three lines:
iptables -t nat -A PREROUTING -p tcp -d 172.16.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.34.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-port 3128
Thank you to all!!!!
Elvis
-----Original Message-----
From: Jason Opperisano [mailto:Jopperisano@alphanumeric.com]
Sent: Wednesday, 11 August 2004 14:12
To: Elvis Aaron Presley; Netfilter
Subject: RE: Newbie in a deep trouble!!!
>
> First I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 172.16.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> Ok with this, the 10.34.x.x pcs can access the internet through the
> proxy and can view the web pages of the 172.16.x.x pcs ... It works!!!
>
> Then I put this:
>
> iptables -t nat -A PREROUTING -p tcp -d ! 10.34.0.0/16 --dport 80 -j REDIRECT --to-port 3128
>
> With this, the 172.16.x.x pcs can access the internet through the
> proxy and can view the web pages of the 10.34.x.x pcs ... It works
> too!!!
>
> These commands work separately, but when I put the two at the same time it
> doesn't work.
it's because 10.34.0.0/16 matches "-d ! 172.16.0.0/16" and 172.16.0.0/16
matches "-d ! 10.34.0.0/16"
> Can anybody help me please????
i can try. your PREROUTING rules should be, in order:
iptables -t nat -A PREROUTING -p tcp -d 172.16.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.34.0.0/16 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ! eth0 --dport 80 -j REDIRECT --to-port 3128
which allows traffic to 172.16.0.0/16 and 10.34.0.0/16 to pass without going
through the squid proxy, and anything else received on either eth2 or eth1
to get redirected to the squid cache.
-j
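
The first-match behaviour discussed in this thread, as an added example that is not part of either poster's message: a small Python model of the nat PREROUTING chain that evaluates the two negated REDIRECT rules together and then the ordered ACCEPT/ACCEPT/REDIRECT set. The packet addresses, the interface each packet arrives on, and the default ACCEPT policy are assumptions; only -d, -i and the target are modelled (every rule is tcp --dport 80).

```python
import ipaddress

def rule(target, dst=None, dst_neg=False, not_iface=None):
    """One PREROUTING rule: optional -d (possibly negated), optional -i ! IFACE."""
    net = ipaddress.ip_network(dst) if dst else None
    return {"target": target, "dst": net, "dst_neg": dst_neg, "not_iface": not_iface}

# Both "-d ! subnet" rules from the original question, loaded at the same time.
BROKEN = [
    rule("REDIRECT", dst="172.16.0.0/16", dst_neg=True),
    rule("REDIRECT", dst="10.34.0.0/16", dst_neg=True),
]

# The ordered rules from the reply: exempt both internal subnets, then redirect.
FIXED = [
    rule("ACCEPT", dst="172.16.0.0/16"),
    rule("ACCEPT", dst="10.34.0.0/16"),
    rule("REDIRECT", not_iface="eth0"),
]

def matches(r, dst_ip, in_iface):
    if r["dst"] is not None:
        inside = ipaddress.ip_address(dst_ip) in r["dst"]
        if inside == r["dst_neg"]:      # plain -d needs inside, -d ! needs outside
            return False
    if r["not_iface"] is not None and in_iface == r["not_iface"]:
        return False                    # -i ! eth0 skips packets arriving on eth0
    return True

def verdict(chain, dst_ip, in_iface):
    """First matching rule decides; ACCEPT and REDIRECT both end traversal."""
    for r in chain:
        if matches(r, dst_ip, in_iface):
            return r["target"]
    return "ACCEPT"                     # assumed default chain policy

if __name__ == "__main__":
    # Constructed sample packets: (destination, inbound interface).
    samples = [("10.34.1.5", "eth1"), ("172.16.2.9", "eth2"),
               ("203.0.113.10", "eth1"), ("203.0.113.10", "eth0")]
    for dst, iface in samples:
        print(f"{dst:>13} in={iface}  broken={verdict(BROKEN, dst, iface):8}"
              f"  fixed={verdict(FIXED, dst, iface)}")
```

With both negated rules loaded, every destination falls outside at least one of the two subnets, so internal web traffic is redirected to the proxy as well; the ordered set exempts it before the REDIRECT rule is reached.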