port forwarding from IP range
Seferovic Edvin
edvin.seferovic at kolp.at
Mon Mar 13 12:09:56 CET 2006
-i eth1 -o eth1 ??? How is this supposed to work? Is there any forward chain
on one interface?
iptables -A FORWARD -s 192.168.0.10 -i eth1 -d 192.168.0.1 -o eth1 -p tcp --sport 1024:65535 --dport 3128 -j ACCEPT
Regards,
Edvin
--- Rob Sterenborg <rob at sterenborg.info> wrote:
> On Mon, March 13, 2006 09:53, Nilesh wrote:
> > Thanks Leandro,
> >
> > I have tried with these rules but unfortunately not
> > working.
> > Squid server running on the 192.168.0.3 and it's
> > working fine. I have not installed any firewall on
> > the 192.168.0.3.
> > In my Internet browser settings If I change the
> > settings from 192.168.0.1:3128 to 192.168.0.3:3128 I
> > can surf the web.
> > but If I don't change to 192.168.0.3:3128 proxy
> > settings I get the connection timeout error.
> >
> > I think DNAT is not working
>
> Probably you tell Netfilter to do DNAT, but are not
> allowing it.
> Do you have a FORWARD rule that allows this traffic
> or is your policy ACCEPT ?
>
> Please don't top-post.
>
>
> Gr,
> Rob
>
>
> > --- Leandro Silva <lansoweb at gmail.com> wrote:
> >
> >> Hello !
> >>
> >> You can use something like that:
> >>
> >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> >> iptables -I PREROUTING -t nat -s 192.168.0.10 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> >>
> >> If you have iprange compiled for iptables you can
> >> use:
> >>
> >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 80 -j DNAT --to 192.168.0.3:3128
> >> iptables -I PREROUTING -t nat -m iprange --src-range 192.168.0.10-192.168.0.20 -p tcp --dport 3128 -j DNAT --to 192.168.0.3:3128
> >>
> >> I hope this can help,
> >> Leandro
> >>
> >> 2006/3/11, Nilesh <niluforalways at yahoo.com>:
> >> > Dear all,
> >> >
> >> > I have two squid proxy servers and two ISP
> >> >
> >> > 1) 192.168.0.1 port 3128
> >> > 2) 192.168.0.3 port 3128
> >> >
> >> > We have around 70 comps assigned IPs between
> >> > 192.168.0.4 to 192.168.0.250
> >> > The default proxy we are using is 192.168.0.1 which is
> >> > on the ISP 1.
> >> > Now I have configured 192.168.0.3 squid proxy server
> >> > on ISP 2 line.
> >> > Both ISP 1 and ISP 2 are landing (connected) on the
> >> > same Switch.
> >> >
> >> > Now I want to set up the request coming from IP range
> >> > (192.168.0.10 to 192.168.0.20) for the
> >> > 192.168.0.1:3128
> >> > Will be forwarded to 192.168.0.3:3128
> >> > So the users from this IP range will access only
> >> > 192.168.0.3 proxy server.
> >> >
> >> > Could anyone please help me which rules should I use
> >> > in IPTABLES .
> >> >
> >> > I have attached herewith my rc.firewall file.
> >> >
> >> > Please help me.
> >> >
> >> > Regards
> >> > Nilesh.
>
>
>
>
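
An added example, not part of the thread: a dry-run sh script that prints one complete rule set for the setup discussed above (source range 192.168.0.10-192.168.0.20, proxies on 192.168.0.1 and 192.168.0.3, LAN on eth1). The SNAT rule and the IPT dry-run variable are assumptions of this example; the thread itself only mentions DNAT and a FORWARD rule.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry-run by default: the rules are
# printed, not applied. Set IPT=iptables and run as root on 192.168.0.1 to
# apply them (IP forwarding, net.ipv4.ip_forward=1, must also be enabled).
IPT="${IPT:-echo iptables}"

GW=192.168.0.1                    # default proxy, the box doing the NAT
PROXY2=192.168.0.3                # second Squid server
PORT=3128
RANGE=192.168.0.10-192.168.0.20   # clients to be moved to PROXY2
LAN_IF=eth1                       # interface name used in the thread

redirect_rules() {
    match="-m iprange --src-range $RANGE -p tcp"

    # 1. Rewrite the destination before the routing decision is made.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" $match -d "$GW" --dport "$PORT" \
        -j DNAT --to-destination "$PROXY2:$PORT"

    # 2. After DNAT the packet is routed back out of the interface it came in
    #    on, so it crosses FORWARD with -i eth1 -o eth1 and must be accepted
    #    there unless the FORWARD policy is ACCEPT.
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" $match -d "$PROXY2" \
        --dport "$PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$PROXY2" -p tcp \
        --sport "$PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # 3. Assumption of this example: client and PROXY2 share one subnet, so
    #    without SNAT the proxy answers the client directly from 192.168.0.3.
    #    The client opened its connection to 192.168.0.1 and discards that
    #    reply, which shows up as a timeout. SNAT forces replies back through
    #    the gateway, where conntrack reverses both translations.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" $match -d "$PROXY2" \
        --dport "$PORT" -j SNAT --to-source "$GW"
}

redirect_rules
```

With the SNAT rule in place, Squid on 192.168.0.3 sees every redirected client as 192.168.0.1, so its access logs and per-client ACLs no longer show the real source address.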
More information about the netfilter mailing list