We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

linux Firewall with webmin

aot2002
aot2002 asked
on
Medium Priority
2,851 Views
Last Modified: 2008-01-09
can someone point me to how to setup my port redirects with webmin on iptables

im in need of forwarding my internal lan port 80 to port 3128 to squid for transparent proxy

any help would be great. or if possible how could i setup so i wouldnt need squid and my computers could just go out the internet to www.google.com and return?

im using fedora core 5 and webmin with iptables.
my two ethernet cards are

eth0      Link encap:Ethernet  HWaddr 00:07:E9:D7:FC:4A
          inet addr:192.168.99.10  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fed7:fc4a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1465992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1926162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:201943353 (192.5 MiB)  TX bytes:1609675194 (1.4 GiB)

eth1      Link encap:Ethernet  HWaddr 00:07:E9:D7:FC:4B
          inet addr:68.236.*.*  Bcast:68.236.1*.*  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fed7:fc4b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7814875 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8300252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3615322993 (3.3 GiB)  TX bytes:2394278076 (2.2 GiB)
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
i dont know in webmin but in text mode check this
http://lists.netfilter.org/pipermail/netfilter/2004-December/057512.html

Author

Commented:
thanks but i already have text instructions
need webmin please

anyone else?
CERTIFIED EXPERT
Top Expert 2014

Commented:
I am confused.  Do you want squid to do transparent proxy or do you not want to use squid?

Transparent proxy:

     http://tldp.org/HOWTO/TransparentProxy.html


If you do not want to use Squid (which I think using Squid is a good idea) you need to give us more information on your setup.  You may or may not just need to setup address Masquerading.

When in doubt, look at the config in Webmin (don't forget to view packet alteration and nat tables), follow the text instructions, then look the the config in Webmin again and see what the difference is.

Author

Commented:
ok basically what im trying to do is setup my two nic cards in my linux machine as a router

one to be my lan with DHCP
and one to be my WAN with NAT block

the trouble is i setup this and my computers dont seem to get to the net. only through squid they can i thought i'd setup squid through port 80 so it was transparent on the lan side but alot of other programs dont relay information back and forth from my linux firewall
even programs that established a connection from the lan side seem to not be able to get results back.
it could also be a routing issue.
i was hoping someone has done this before with simple basic instructions to get me started
CERTIFIED EXPERT
Top Expert 2014
Commented:
Do you have the Linux box setup to do IP routing/forwarding?

if you want to remove Squid from the picture then at a minumum you need to have the Linux box setup to do IP forwarding.

I would suggest that you use Squid as it can reduce traffic on your Internet connection.  Squid will cache static web pages and so if multiple people go to the same site, the page (or information on the pages) are only transmitted over the Internet once.  Squid also allows you to filter the sites you are going to.

Issue the command "cat /proc/sys/net/ipv4/ip_forward"  if you get back "1", then you are setup for IP forwarding, if you get back a "0" or "file does not exist", then you are not setup for IP forwarding.  To setup ipforwarding you can issue the command "echo  1>/proc/sys/net/ipv4/ip_forward"

The link I gave you is fairly simple, but it not based on Webmin.  You might be able to go to the Webmin site and see if they have simple instructions.

If you really do not want to use Squid, you will need to use IP address masqurading.  You can follow the information located here to help you get on your way:

http://www.linuxhelp.net/guides/ipmasq24/

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
cat /proc/sys/net/ipv4/ip_forward
0

echo  1>/proc/sys/net/ipv4/ip_forward
-bash: echo: write error: Invalid argument

[root@ ~]# echo  1 >/proc/sys/net/ipv4/ip_forward

[root@ ~]# cat /proc/sys/net/ipv4/ip_forward
1


now reading link
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.