Solved

Iptable

Posted on 2005-03-13
Last Modified: 2008-01-09
I use FC2. My eth0 (192.168.0.8) connects to the router (192.168.0.2, which connects to the internet), and my eth1 (192.168.2.18) connects to the client PCs.
1. How can I use iptables to share the internet connection with my client PCs?
2. Only requests from client PCs to port 80 should be forced to go to Squid.

Thank you
0
Question by:teera
6 Comments
 

Expert Comment

by:benjamin_smee
ID: 13530945
Well your question is not particularly clear but if I understand it correctly then the answer is as follows:
1. I assume that your router is doing some kind of NAT to convert your 1918 IP on your Linux box to a real IP, so under that assumption all we need to do is to convert the 192.168.2.x address to 192.168.0.x and push it out eth0, and the router will do the rest. If that is the case then a line like:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
should do it.
2. You need to intercept the request before it gets processed so something like this should work:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
assuming that the device that is running the iptables is also the one that is running the proxy.
0
 

Author Comment

by:teera
ID: 13531032
Which line should I put first:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
or
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
0
 

Expert Comment

by:benjamin_smee
ID: 13531101
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Note: I spotted an earlier mistake I made; change the -i eth0 to -i eth1, as in the line above.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 13533704
Why not simply use:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
0
 

Author Comment

by:teera
ID: 13533997
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat                       [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed          [FAILED]

I copied  iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE  into  /etc/sysconfig/iptables  on FC2
and ran  service iptables restart ; the result is above.

This is my  /etc/sysconfig/iptables :
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

It has only 1 line.

0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1600 total points
ID: 13534317
I'd recommend ignoring the script until you find a working solution.
Firewalls are not click-and-go things; you need to know what you are doing.

Please try the following:
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# assuming that you do not expect any traffic to this box itself
0
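
The "line 1 failed" error earlier in the thread comes from the file format: /etc/sysconfig/iptables is read by iptables-restore, which expects iptables-save syntax, not shell command lines. The sketch below is an added example, not code from any poster in this thread; it assumes the topology given in the question (eth0 toward the router, eth1 toward the 192.168.2.0/24 clients) and Squid on local port 8080, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed). Assumptions: eth0 = uplink to the router,
# eth1 = client LAN 192.168.2.0/24, Squid listening on local port 8080.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.2.0/24}
PROXY_PORT=${PROXY_PORT:-8080}

# Print a ruleset in iptables-save format: "*table" header, chain policies,
# rules without the leading "iptables -t <table>", and COMMIT per table.
render_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Return 0 if stdin looks like iptables-save format, 1 otherwise.
# Catches the failure in the thread: a shell command line placed in the file.
lint_ruleset() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comments, blanks
        /^\*/      { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/ { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^-[AIDN] / { if (!in_table) bad = 1; next }
        { bad = 1 }                       # e.g. "iptables -t nat -A ..."
        END { exit (bad || in_table || tables == 0) }
    '
}
# INPUT DROP also blocks remote administration of this box (e.g. SSH);
# add an explicit INPUT rule for that if it is needed.
```

As root, `render_ruleset | iptables-restore --test` parses the rules without applying them. Forwarding between the interfaces also requires net.ipv4.ip_forward to be set to 1.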
