AV1611 Posted July 9, 2007 Share Posted July 9, 2007 Help! I'm in over my head... I need a set of firewall rules but I don't know how to do them. I have two NIC's in a linux server. 192.168.0.111 (static) 192.168.5.1 (static, and has a DHCP server) I figured out how to forward from the second to the first, so the server provides firewalled internet to the second network Now, here is what I need to do. I use a program called dansguardian that works with squid that does content filtering, etc. If the 192.168.5.x networks does port 80 request, they get unfiltered internet. If they use proxy @ port 8080 they get filtered internet. What I am trying to do now is make a firewall rule that does this: when they request a connection on 192.168.5.x port 80, the firewall forwards the request to 192.168.0.111 port 8080 and the result reply from 192.168.0.111 port 8080 is sent back to 192.168.5.x port 80. Now the content filter is transparent. any clue how to syntax the rules into iptables? Thanks... Quote Link to comment https://forums.phpfreaks.com/topic/59148-solved-iptables/ Share on other sites More sharing options...
trq Posted July 9, 2007 Share Posted July 9, 2007 Sorry, Im finding it hard to understand you setup / requirement. Which ip address is LAN and which is WAN? Is this a good description of what you want to do? request: client -> lan interface(port 80) -> wan interface(port 8080) -> web response: web -> wan interface(port 8080) -> lan interface(port 80) -> client. Im not sure that you get a choice about which port a web server replies to and in fact, a typical client should not be expecting a reply on post 80. Quote Link to comment https://forums.phpfreaks.com/topic/59148-solved-iptables/#findComment-293911 Share on other sites More sharing options...
solarisuser Posted July 11, 2007 Share Posted July 11, 2007 make sure the clients internet access is filtered to block all other ports, or a client could use an anonymous proxy on a port like 23 to bypass your content filtering 23 is reserved for telnet, but anonymous proxies can listen to whatever port their configured for Quote Link to comment https://forums.phpfreaks.com/topic/59148-solved-iptables/#findComment-295637 Share on other sites More sharing options...
neylitalo Posted July 13, 2007 Share Posted July 13, 2007 Something like this ought to do the trick - note that this is completely untested. # iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.0.111:8080 Quote Link to comment https://forums.phpfreaks.com/topic/59148-solved-iptables/#findComment-297015 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.