MrTV
asked on
Iptable
I use FC2. My eth0 (192.168.0.8) connects to the router (192.168.0.2, which connects to the internet). My eth1 (192.168.2.18) connects to the client PCs.
1. How can I use iptables to share the internet with my client PCs?
2. How can I force only port 80 requests from the client PCs to be sent to Squid?
Thank you
ASKER
Which line should I put first:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
or
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
Note: I spotted an earlier mistake I made; change the -i eth0 to -i eth1, as in the line above.
Why not simply use:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
ASKER
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]
I copied iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE into /etc/sysconfig/iptables on FC2
and ran service iptables restart; the result is above.
This is my /etc/sysconfig/iptables:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
It has only 1 line.
ASKER CERTIFIED SOLUTION
1. I assume that your router is doing some kind of NAT to convert your 1918 IP on your Linux box to a real IP, so under that assumption all we need to do is to convert the 192.168.2.x address to 192.168.0.x and push it out eth0 and the router will do the rest. If that is the case then a line like:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
should do it.
2. You need to intercept the request before it gets processed so something like this should work:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
assuming that the device that is running the iptables is also the one that is running the proxy.
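
The "iptables-restore: line 1 failed" error reported earlier in the thread arises because /etc/sysconfig/iptables is read by iptables-restore, which expects iptables-save format (a table header, chain declarations, rules without the leading "iptables -t TABLE", then COMMIT) rather than iptables command lines. The script below is an added example, not part of the original thread, that converts command lines into that format. The function names and sample rules are assumptions; the sample treats eth0 as the router-facing interface and eth1 as the client-facing one, as the question describes them.

```shell
#!/bin/sh
# Constructed sample input: the two nat rules discussed in the thread, with
# eth0 facing the router and eth1 facing the clients (assumption, per the question).
sample_rules() {
cat <<'EOF'
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 192.168.0.8
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
EOF
}

# Read "iptables [-t TABLE] -A CHAIN ..." lines on stdin and write them in
# iptables-save format. Only -A rules are handled; no -t means the filter table.
to_restore_format() {
awk '
$1 != "iptables" { next }                  # skip blanks, comments, other text
{
    table = "filter"; rule = ""
    for (i = 2; i <= NF; i++) {
        if ($i == "-t") { table = $(i + 1); i++; continue }   # drop "-t TABLE"
        rule = rule (rule == "" ? "" : " ") $i
    }
    if (rule !~ /^-A /) next               # keep append rules only
    if (!(table in rules)) order[++n] = table
    rules[table] = rules[table] rule "\n"
}
END {
    chains["nat"]    = "PREROUTING POSTROUTING OUTPUT"
    chains["filter"] = "INPUT FORWARD OUTPUT"
    for (t = 1; t <= n; t++) {
        name = order[t]
        print "*" name                     # table header line
        c = split(chains[name], list, " ")
        for (j = 1; j <= c; j++) print ":" list[j] " ACCEPT [0:0]"
        printf "%s", rules[name]           # rules without "iptables -t TABLE"
        print "COMMIT"                     # ends the table and applies it
    }
}'
}

sample_rules | to_restore_format
```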