Iptable

I use FC2. My eth0 (192.168.0.8) connects to the router (192.168.0.2, which connects to the internet). My eth1 (192.168.2.18) connects to the client PCs.
1. How can I use iptables to share the internet with my client PCs?
2. Only requests from client PCs that are on port 80 should be forced to go to squid.

Thank you
Asked by: teera
1 Solution
 
benjamin_smee Commented:
Well your question is not particularly clear but if I understand it correctly then the answer is as follows:
1. I assume that your router is doing some kind of NAT to convert the RFC 1918 IP on your Linux box to a real IP, so under that assumption all we need to do is convert the 192.168.2.x address to 192.168.0.x and push it out eth0, and the router will do the rest. If that is the case then a line like:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
should do it.
2. You need to intercept the request before it gets processed so something like this should work:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
assuming that the device that is running the iptables is also the one that is running the proxy.
 
teera (Author) Commented:
Which sentence should I put first:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth1 \
-j SNAT --to-source 192.168.0.8
or
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
 
benjamin_smee Commented:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Note: I spotted an earlier mistake I made; change the -i eth0 to -i eth1, as in the line above.
ahoffmann Commented:
Why not simply use:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
 
teera (Author) Commented:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat                       [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore: line 1 failed          [FAILED]

I copied iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE into /etc/sysconfig/iptables on FC2
and ran service iptables restart; the result is above.

This is my /etc/sysconfig/iptables:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

It has only 1 line.

 
ahoffmann Commented:
I'd recommend ignoring the script until you find a working solution.
Firewalls are not click-and-go things; you need to know what you are doing.

Please try the following:
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# assuming that you do not expect any traffic to this box itself
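
The "iptables-restore: line 1 failed" result earlier in the thread comes from putting an iptables command line into /etc/sysconfig/iptables, which iptables-restore reads in iptables-save format. As an added example (not code from any poster in this thread), the shell function below converts command lines into that format. The sample rules are constructed for the question's topology (eth0 upstream at 192.168.0.8, eth1 facing the 192.168.2.0/24 clients, squid on port 8080), and the names to_restore_format and sample_rules are hypothetical.

```shell
#!/bin/sh
# Added example: convert "iptables ..." command lines into the iptables-save
# format that iptables-restore (and so /etc/sysconfig/iptables) reads.
to_restore_format() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    $1 != "iptables" {                             # anything else cannot be converted
        print "not an iptables command: " $0 > "/dev/stderr"; bad = 1; next
    }
    {
        table = "filter"; rule = ""                # filter is the default table
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") { table = $(++i); continue }
            rule = rule (rule == "" ? "" : " ") $i
        }
        if (rule == "") next
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        split(rule, w, " ")
        if (w[1] == "-F") next                     # iptables-restore flushes the table itself
        if (w[1] == "-P") {                        # policy becomes a ":CHAIN POLICY" line
            policy[table] = policy[table] ":" w[2] " " w[3] " [0:0]\n"; next
        }
        rules[table] = rules[table] rule "\n"
    }
    END {
        for (k = 1; k <= n; k++)
            printf "*%s\n%s%sCOMMIT\n", order[k], policy[order[k]], rules[order[k]]
        exit bad                                   # non-zero if any line was rejected
    }'
}

# Constructed sample rules (assumption: eth0 is upstream, eth1 faces the clients).
sample_rules() {
    cat <<'EOF'
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 192.168.0.8
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth0 -s 192.168.2.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the converted ruleset; review it before writing it to the rules file.
sample_rules | to_restore_format
```

Forwarding between the two interfaces also requires net.ipv4.ip_forward to be set to 1 on the Linux box.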