iptable and redirect - Linux Forums

03-27-2003	#1 (permalink)
l_linuxguru Just Joined! Join Date: Mar 2003 Posts: 36	iptable and redirect iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/16 --dport 80 -j REDIRECT --to-port 3128 ihave added this rule to redirect all my http request to port 3128 but its not working. plz help.

03-28-2003	#2 (permalink)
wassy121 Linux Enthusiast Join Date: Jun 2002 Location: San Antonio Posts: 622	that probably does exactly what you told it to: Code: iptables -t nat will add this rule to the "nat" table Code: -A PREROUTING -p tcp -s 192.168.0.0/16 will make this rule happen before it is routed through the box, and will act on all TCP requests that come from 192.168.0.0/16 (which is your internal network) Code: --dport 80 -j REDIRECT --to-port 3128 will assure that packets going to port 80 of the destination will redirect to port 3128. So you are saying that when an internal client (like the computer you type at) tries to go to "hotmail.com" it is redirected to "hotmail.com:3128". Is this what you want? __________________ I respectfully decline the invitation to join your delusion.

03-29-2003

#3 (permalink)

l_linuxguru

Just Joined!

Join Date: Mar 2003

Posts: 36

Quote:

Originally Posted by wassy121

that probably does exactly what you told it to:

Code:

iptables -t nat

will add this rule to the "nat" table

Code:

-A PREROUTING -p tcp -s 192.168.0.0/16

will make this rule happen before it is routed through the box, and will act on all TCP requests that come from 192.168.0.0/16 (which is your internal network)

Code:

--dport 80 -j REDIRECT --to-port 3128

will assure that packets going to port 80 of the destination will redirect to port 3128.

So you are saying that when an internal client (like the computer you type at) tries to go to "hotmail.com" it is redirected to "hotmail.com:3128". Is this what you want?

my proxy server add is 192.168.23.1(internal) iwant all the client request to redirect to it on port 3128.

03-30-2003

#4 (permalink)

Dolda2000

Linux Guru

Join Date: Oct 2001

Location: Täby, Sweden

Posts: 7,578

Quote:

Originally Posted by wassy121

So you are saying that when an internal client (like the computer you type at) tries to go to "hotmail.com" it is redirected to "hotmail.com:3128". Is this what you want?

I think you've misunderstood the REDIRECT target, wassy. It redirects the port _and_ destination address. It's just that the address is changed to that of the interface that the packet came in through, so in that way it should work.

Download ethereal (if it's not already installed) and check some test traffic to see what's wrong. Also, how doesn't it work? Does it have no effect at all (like the client fetching the content directly from hotmail.com) or does the client fail to connect?