PRERUTING or POSTROUTING
eantoranz at gmail.com
Sat Feb 4 18:42:09 CET 2006
On your routing server, you have to setup a rule on PREROUTING so that
it changes packets going to port TCP 80 to proxyhost's tcp 8080. That
would mean setting a DNAT (Destination nat). You have to keep in mind
that the machine that made the request doesn't know about that DNAT,
so if the proxy sends it the reply directly, the request will fail, as
it isn't aware that the proxy is handling the request... in other
words: you might have to set a SNAT on POSTROUTING to make sure that
requests that are DNATed to proxy are sent back to the routing server.
You also have to keep in mind that doing this could ruin your proxy
On 2/4/06, czezz <czezz at o2.pl> wrote:
> Here is an description what I want do do:
> -eth0 10.3.1.4
> -ppp0 x.x.x.x
> -etho 10.3.1.8
> -ppp0 y.y.y.y
> Server1 has set FORWARD in iptables for Telnet i FTP services ( so
> users from LAN are able to connect those services in the internet )
> ServerPROXY has Squid service (PROXY for http only)
> All of the hosts in LAN must have set gaytway 10.3.1.4 (eth0
> What should I do to redirect all connection from LAN on port 80 to
> serverPROXY 10.3.1.8:8080 ?
> I heard that POSTROUTING or PREROUTING rule need to be used
> Any suggestions ?
> Someone told me that it might be necessery to compile some
> additional options in kernel (my current kernel is 2.4.31 - regular
> kernel from Slackware 10.2 )
> Any ideas how to slove that ?
More information about the netfilter