- 11-20-2006 #1 Just Joined!
- Join Date
- Nov 2006
- Posts
- 16
Need help on IPtable Rule.!!!
Hi Friends,

I have my Redhat Linux server running with squid + iptables.
Here is my scenario:
eth1: 192.168.20.x/24
eth0: Internet IP
I have already configured my 20.x network to access the internet, automatically redirected to port 8080 [transparent squid].
Now I need HTTP requests from the same network, i.e. 20.x, made to my own repository server, not to be redirected to 8080.
192.168.20.x/24 if port 80 to this IP x.x.x.x then allow
Please help me to write an iptables rule for the above.
Thanks a ton
Best Regards
ashok
- 11-20-2006 #2 Just Joined!
- Join Date
- Oct 2006
- Posts
- 4
Here is an example:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d ! internet_server_ip -s 192.168.20.0/24 --dport 80 -j REDIRECT --to-port 8080
or
iptables -t nat -A PREROUTING -p tcp -i eth1 -d x.x.x.x -s 192.168.20.x --dport 80 -j RETURN
iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.20.x --dport 80 -j REDIRECT --to-port 8080
- 11-20-2006 #3 Just Joined!
- Join Date
- Nov 2006
- Posts
- 16
Hi,
Thank you.
Well, I used these rules with a bit of modification and they are working well.
I still have a problem.
I have my webserver running at x.x.x.x, so I want my 192.168.20.x users to reach my webserver directly on port 80. [Note: for my webserver they should not go via squid 8080.]
iptables -t nat -A PREROUTING -p tcp -i eth1 -d ! internet_server_ip -s 192.168.20.0/24 --dport 80 -j REDIRECT --to-port 8080
Can't we use a FORWARD rule or an OUTPUT rule?
Because I already have a rule like this:
iptables -t nat -A PREROUTING -p tcp -d 0/0 --dport 80 -j DNAT --to 192.168.0.2:8080
Can you please explain your rule? I was a bit confused trying to understand it... RETURN???
Please suggest the rule.
Thanks
Best Regards
ashok
- 11-20-2006 #4 Just Joined!
- Join Date
- Nov 2006
- Posts
- 16
Hi Fander,
I got it working.
Below is the rule:
[root@internet sysconfig]# iptables -t nat -A PREROUTING -p tcp -d ! x.x.x.x --dport 80 -j DNAT --to 192.168.0.2:8080
This is done for 1 webserver.
Well,
One more quick question.
I have 10 web servers running, all on different IPs and subnets, so how do I implement that in the rule?
Please suggest.
Thanks for your guidance.
Best Regards
ashok
- 11-20-2006 #5 Just Joined!
- Join Date
- Oct 2006
- Posts
- 4
For example, if I have 3 webservers with IP addresses 192.168.20.1, 192.168.20.10, 192.168.20.100, then my iptables rules will be:
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.20.1 -s 192.168.20.0/24 --dport 80 -j RETURN
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.20.10 -s 192.168.20.0/24 --dport 80 -j RETURN
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.20.100 -s 192.168.20.0/24 --dport 80 -j RETURN
iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.20.0/24 --dport 80 -j REDIRECT --to-port 8080
- 11-21-2006 #6 Just Joined!
- Join Date
- Nov 2006
- Posts
- 16
Dear Fandar,
Thanks a ton.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d 192.168.20.1 -s 192.168.20.0/24 --dport 80 -j RETURN
Can you please explain this rule in plain English?
What does that RETURN exactly mean, sir?
Best Regards
ashok


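What RETURN does in the rules from post #5, as an added example that is not part of any post in this thread: a small Python model of how the nat PREROUTING chain is walked top to bottom, with the first matching rule deciding the packet. The function names are hypothetical, the packet addresses 192.168.20.55 and 203.0.113.7 are constructed, and the model leaves out the `-i eth1` and `-p tcp` matches.

```python
import ipaddress

# Constructed model of the nat PREROUTING chain from post #5: rules are
# checked top to bottom and the first matching rule decides the packet.
LAN = "192.168.20.0/24"
RULES = [
    {"dst": "192.168.20.1",   "src": LAN, "dport": 80, "target": "RETURN"},
    {"dst": "192.168.20.10",  "src": LAN, "dport": 80, "target": "RETURN"},
    {"dst": "192.168.20.100", "src": LAN, "dport": 80, "target": "RETURN"},
    {"dst": None,             "src": LAN, "dport": 80, "target": "REDIRECT:8080"},
]

def matches(rule, src, dst, dport):
    """True when the packet satisfies every condition the rule sets."""
    if rule["dport"] != dport:
        return False
    if ipaddress.ip_address(src) not in ipaddress.ip_network(rule["src"]):
        return False
    # dst None models a rule without -d, which matches any destination.
    return rule["dst"] is None or \
        ipaddress.ip_address(dst) == ipaddress.ip_address(rule["dst"])

def prerouting(rules, src, dst, dport):
    """Return (final destination port, what happened) for one packet."""
    for rule in rules:
        if not matches(rule, src, dst, dport):
            continue
        if rule["target"] == "RETURN":
            # RETURN: stop walking this chain. In a built-in chain the
            # chain policy (ACCEPT by default) then applies: no NAT.
            return dport, "untouched (RETURN)"
        # REDIRECT rewrites the destination to the firewall's own port.
        return int(rule["target"].split(":")[1]), "redirected to squid"
    return dport, "untouched (no rule matched)"

if __name__ == "__main__":
    for dst in ("192.168.20.10", "203.0.113.7"):  # constructed packets
        print(dst, prerouting(RULES, "192.168.20.55", dst, 80))
    # Catch-all REDIRECT first: the RETURN rules are never reached.
    wrong_order = [RULES[-1]] + RULES[:-1]
    print(prerouting(wrong_order, "192.168.20.55", "192.168.20.10", 80))
```

The last call shows why the RETURN rules must be appended before the catch-all REDIRECT: with the order reversed, traffic to the exempted web server is sent to squid as well.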