Dansguardian/Squid machine as network gateway - how I do setup IP Tables?
I've got an Ubuntu box, server 7.10, single NIC setup and running Dans Gaurdian and Squid. I've got the box working as a proxy server. Here is the only IP Tables rule in there right now:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.15.91:8080
That works great for proxy only, but what I would like to do is make this machine the gateway for the whole network, and just send all non 80 outbound traffic to the actually gateway at 192.168.15.252. I have a whole list of rules I've tried that don't work, for example (assume for all these broekn examples, that the above rule is still applied):
sudo iptables -t nat -A PREROUTING -i eth0 --protocol tcp -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A PREROUTING -i eth0 --protocol udp -j DNAT --to-destination 192.168.15.252
or this:
sudo iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.15.252
or this (before I remembered that IPTables works in a linear fashion, once it matches a rule it stops processing):
sudo iptables -t nat -A FORWARD -p udp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p udp --dport 80:65535 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 81:65535 -i eth0 -j DNAT --to-destination 192.168.15.252
None of that worked. I've tried everything I can think of, but I'm just not getting something right. when I try to use the DG box as the gateway on my local machine, the internet works, but all other outbound traffic is stopped by the DG box.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.15.91:8080
That works great for proxy only, but what I would like to do is make this machine the gateway for the whole network, and just send all non 80 outbound traffic to the actually gateway at 192.168.15.252. I have a whole list of rules I've tried that don't work, for example (assume for all these broekn examples, that the above rule is still applied):
sudo iptables -t nat -A PREROUTING -i eth0 --protocol tcp -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A PREROUTING -i eth0 --protocol udp -j DNAT --to-destination 192.168.15.252
or this:
sudo iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.15.252
or this (before I remembered that IPTables works in a linear fashion, once it matches a rule it stops processing):
sudo iptables -t nat -A FORWARD -p udp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p udp --dport 80:65535 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 81:65535 -i eth0 -j DNAT --to-destination 192.168.15.252
None of that worked. I've tried everything I can think of, but I'm just not getting something right. when I try to use the DG box as the gateway on my local machine, the internet works, but all other outbound traffic is stopped by the DG box.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've also done this:
sudo pico /etc/sysctl.conf
where I editted the line:
#net.ipv4.conf.default.for
I also had to change the line in the syscrt.conf file to read "net.ipv4.ip_forward=1
after a reboot, I re-applied the following 2 iptable rules:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.15.91:8080
sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.15.91
and it started working just like it should! I could not have done this without your help, so I'm closing this question and awarding you the points.
Thanks again!!!
sudo pico /etc/sysctl.conf
where I editted the line:
#net.ipv4.conf.default.for
I also had to change the line in the syscrt.conf file to read "net.ipv4.ip_forward=1
after a reboot, I re-applied the following 2 iptable rules:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.15.91:8080
sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.15.91
and it started working just like it should! I could not have done this without your help, so I'm closing this question and awarding you the points.
Thanks again!!!
ASKER
Thanks again!
ASKER
The default GW is already set to 192.168.15.252 (double checked!)
Typing in the iptables -t nat -A POSTROUTING -o eth0....etc command produces no output whatsoever, the ssh session just locks up and the box has to be rebooted.
The first echo command just echos "Enabling IP Forwarding" in the screen
The second echo command give me this output:
sudo echo 1 > /proc/sys/net/ipv4/ip_forw
-bash: /proc/sys/net/ipv4/ip_forw
I tried it without the sudo also, and it gave the same output.