Solved

linux Firewall with webmin

Posted on 2006-11-05
8
2,804 Views
Last Modified: 2008-01-09
can someone point me to how to setup my port redirects with webmin on iptables

im in need of forwarding my internal lan port 80 to port 3128 to squid for transparent proxy

any help would be great. or if possible how could i setup so i wouldnt need squid and my computers could just go out the internet to www.google.com and return?

im using fedora core 5 and webmin with iptables.
my two ethernet cards are

eth0      Link encap:Ethernet  HWaddr 00:07:E9:D7:FC:4A
          inet addr:192.168.99.10  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fed7:fc4a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1465992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1926162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:201943353 (192.5 MiB)  TX bytes:1609675194 (1.4 GiB)

eth1      Link encap:Ethernet  HWaddr 00:07:E9:D7:FC:4B
          inet addr:68.236.*.*  Bcast:68.236.1*.*  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fed7:fc4b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7814875 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8300252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3615322993 (3.3 GiB)  TX bytes:2394278076 (2.2 GiB)
0
Comment
Question by:aot2002
  • 3
  • 2
8 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 17878623
i dont know in webmin but in text mode check this
http://lists.netfilter.org/pipermail/netfilter/2004-December/057512.html
0
 
LVL 1

Author Comment

by:aot2002
ID: 17878888
thanks but i already have text instructions
need webmin please

anyone else?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17886760
I am confused.  Do you want squid to do transparent proxy or do you not want to use squid?

Transparent proxy:

     http://tldp.org/HOWTO/TransparentProxy.html


If you do not want to use Squid (which I think using Squid is a good idea) you need to give us more information on your setup.  You may or may not just need to setup address Masquerading.

When in doubt, look at the config in Webmin (don't forget to view packet alteration and nat tables), follow the text instructions, then look the the config in Webmin again and see what the difference is.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:aot2002
ID: 17889108
ok basically what im trying to do is setup my two nic cards in my linux machine as a router

one to be my lan with DHCP
and one to be my WAN with NAT block

the trouble is i setup this and my computers dont seem to get to the net. only through squid they can i thought i'd setup squid through port 80 so it was transparent on the lan side but alot of other programs dont relay information back and forth from my linux firewall
even programs that established a connection from the lan side seem to not be able to get results back.
it could also be a routing issue.
i was hoping someone has done this before with simple basic instructions to get me started
0
 
LVL 57

Accepted Solution

by:
giltjr earned 50 total points
ID: 17889336
Do you have the Linux box setup to do IP routing/forwarding?

if you want to remove Squid from the picture then at a minumum you need to have the Linux box setup to do IP forwarding.

I would suggest that you use Squid as it can reduce traffic on your Internet connection.  Squid will cache static web pages and so if multiple people go to the same site, the page (or information on the pages) are only transmitted over the Internet once.  Squid also allows you to filter the sites you are going to.

Issue the command "cat /proc/sys/net/ipv4/ip_forward"  if you get back "1", then you are setup for IP forwarding, if you get back a "0" or "file does not exist", then you are not setup for IP forwarding.  To setup ipforwarding you can issue the command "echo  1>/proc/sys/net/ipv4/ip_forward"

The link I gave you is fairly simple, but it not based on Webmin.  You might be able to go to the Webmin site and see if they have simple instructions.

If you really do not want to use Squid, you will need to use IP address masqurading.  You can follow the information located here to help you get on your way:

http://www.linuxhelp.net/guides/ipmasq24/
0
 
LVL 1

Author Comment

by:aot2002
ID: 17890446
cat /proc/sys/net/ipv4/ip_forward
0

echo  1>/proc/sys/net/ipv4/ip_forward
-bash: echo: write error: Invalid argument

[root@ ~]# echo  1 >/proc/sys/net/ipv4/ip_forward

[root@ ~]# cat /proc/sys/net/ipv4/ip_forward
1


now reading link
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Install dhcp server on Ubuntu server 4 73
How to enable SSH in Ubuntu. 7 93
How to specify rdns for multi-homed mail server 5 38
Remote desktop Ubuntu from Windows 10 5 59
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question