[other] iptables question

view full story

http://ubuntuforums.org – I use ddwrt to redirect traffic to my squid/dansguardian box. It does this transparently using the iptables script below. #!/bin/sh PROXY_IP=192.168.1.2 PROXY_PORT=8080 LAN_IP=`nvram get lan_ipaddr` LAN_NET=$LAN_IP/`nvram get lan_netmask` iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT iptables -t nat -I PREROUTING -i br0 -s 192.168.1.5 -j ACCEPT the final command allows 192.168.1.5 to bypass the filter. This would be the only device in which apt-get and spybot updates works from. (Nevermind how one device can do both of those things.) I'm not real slick with iptables, but I'm thinking maybe the router box is dropping all non port 80 traffic except for device 192.168.1.5. More than likely apt and spybot use https, so what would be the iptables rule to allow all traffic on port 443 to bypass the filter? Does apt-get (and spybot updates) use a different port than 443? (HowTos)

Submitted by xskl on 02/16/2010 – Made popular on 02/16/2010

Login or register to post comments
Email this page

Stories similar to [other] iptables question

Squid vs iptables = no Squid access.log? 1 year 10 weeks ago

Hello,

I have a pretty useless satellite link at home (far from any civilization), so I wanted to set up caching in order to speed things up.

transparent proxy with iptables on two networks 24 weeks 2 days ago

I have one router under which I have two separate networks - employee [bridge br0] and student [bridge br1]. I would like traffic on both bridges to be filtered by transparent proxy I have running outside in the Internet.

I don't know iptables very well.

iptables redirect range and exclude 1 year 15 weeks ago

i have this iptables and working.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:20 -j REDIRECT --to-port 8080 #bypass SSH iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 23:442 -j REDIRECT --to-port 8080 #bypass SSL iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 444:2082 -j REDIRECT --to-port 8080 #Cpanel SSL iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2084:2086 -j RE

iptables: How to redirect port in Red Hat Linux 6 (RHEL)? [closed] 18 weeks 3 days ago

Possible Duplicate: iptables: forward port 80 to port 8080

I'd like to forward port 80 to 8080. So I tried to edit /etc/syscongfig/iptables:

-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

But got:

# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK

IPTABLES allow mail with DROP policy [closed] 22 weeks 9 hours ago

I'd like to allow mail through iptables and DROP policy but this script doesn't work what it is wrong here:

## FLUSH de reglas iptables -F

iptables -X

iptables -Z

iptables -t nat -F

## policy iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP

# localhost iptables -A INPUT -i lo -j ACCEPT

# Allow my ip iptables -A INPUT -s MY_IP -j ACCEPT

# 80 port iptables -A I

CentOS 5, port 8080 won't allow traffic 1 year 19 weeks ago

I'm trying to open up port 8080 on my CentOS 5, Apache 2.2.3 server. When I go to ip:8080/mydirectory - it times out.

iptables: multiple exclusions on port forwarding 7 weeks 1 day ago

I have an existing iptables setup that does port forwarding. In this port forwarding scenario there are some instances where I do not want it to port forward. So, for instance I have this defined:

iptables -A PREROUTING -t nat -i eth0 '!' -s 10.200.0.0/16 -p tcp --dport 80 -j DNAT --to 10.200.30.11

This will prevent 10.200/16 from accessing this rule.

How do I use iptables to reject all traffic to localhost port 80 but allow the one that comes from local machine? 44 weeks 5 days ago

How do I use iptables to reject all traffic to localhost port 80 but allow the one that comes from local machine?

Here is my current solution that doesn't seems to block the traffic. the ip, the the ip of the local machine.

NAT ing with iptables 17 weeks 2 days ago

i am trying to learn NAT ing with iptables but i ran into some confusions.

i am having two virtual machines with ips 18.43 lets say B and 18.42 C running webservers on port 80. i need to NAT every traffic coming on B:80 to C:80 (Do not want to use any other techinique other than NAT)

rule on B with ip-forward on and Default Policy of every chain is to ACCEPT

iptables -t nat -A PREROUTING -p tcp

[other] iptables question

Search

Best published stories

Beautiful linux wallpapers

Tags