Dansguardian/Squid machine as network gateway - how do I set up IP Tables?

I've got an Ubuntu box, server 7.10, single NIC setup and running DansGuardian and Squid.  I've got the box working as a proxy server.  Here is the only IP Tables rule in there right now:

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0  -j DNAT --to 192.168.15.91:8080

That works great for proxy only, but what I would like to do is make this machine the gateway for the whole network, and just send all non-80 outbound traffic to the actual gateway at 192.168.15.252.  I have a whole list of rules I've tried that don't work, for example (assume for all these broken examples that the above rule is still applied):

sudo iptables -t nat -A PREROUTING -i eth0 --protocol tcp -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A PREROUTING -i eth0 --protocol udp -j DNAT --to-destination 192.168.15.252

or this:

sudo iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.15.252

or this (before I remembered that IPTables works in a linear fashion, once it matches a rule it stops processing):

sudo iptables -t nat -A FORWARD -p udp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p udp --dport 80:65535 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 1:79 -i eth0 -j DNAT --to-destination 192.168.15.252
sudo iptables -t nat -A FORWARD -p tcp --dport 81:65535 -i eth0 -j DNAT --to-destination 192.168.15.252

None of that worked.  I've tried everything I can think of, but I'm just not getting something right.  When I try to use the DG box as the gateway on my local machine, the internet works, but all other outbound traffic is stopped by the DG box.
pbenningfield Asked:
 
http:// thevpn.guru Commented:
Try this


route add default gw 192.168.15.252   dev eth0

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ip.of.dansguardian.box
echo "Enabling IP forwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward
 
pbenningfield (Author) Commented:
Thanks for the reply!  I got tied up a bit, but I'm back in the game again and I'll be able to test things more rapidly now.  

The default GW is already set to 192.168.15.252 (double checked!)

Typing in the iptables -t nat -A POSTROUTING -o eth0....etc command produces no output whatsoever, the ssh session just locks up and the box has to be rebooted.  

The first echo command just echoes "Enabling IP Forwarding" on the screen

The second echo command gives me this output:
sudo echo 1 > /proc/sys/net/ipv4/ip_forwarding                  
-bash: /proc/sys/net/ipv4/ip_forwarding: No such file or directory

I tried it without the sudo also, and it gave the same output.
 
pbenningfield (Author) Commented:
I've also done this:
sudo pico /etc/sysctl.conf
where I edited the line:
#net.ipv4.conf.default.forwarding=1 (I removed the comment #)

I also had to change the line in the sysctl.conf file to read "net.ipv4.ip_forward=1"

After a reboot, I re-applied the following 2 iptables rules:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0  -j DNAT --to 192.168.15.91:8080
sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.15.91

and it started working just like it should!  I could not have done this without your help, so I'm closing this question and awarding you the points.  

Thanks again!!!
 
pbenningfield (Author) Commented:
Thanks again!
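
As an added example (not part of the original thread), the shell function below audits `iptables-save -t nat` output against the setup the asker reported working: forwarding on, a tcp/80 DNAT to the proxy, source NAT on the way out, and no catch-all DNAT like the earlier attempts. The function name audit_gateway and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (as root): iptables-save -t nat | audit_gateway 192.168.15.91:8080

# Constructed sample: the two rules reported working in the thread.
sample_working() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.15.91:8080
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.15.91
COMMIT
EOF
}

# Constructed sample: the port-80 rule plus one of the catch-all DNAT attempts.
sample_catchall() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.15.91:8080
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.15.252
COMMIT
EOF
}

# audit_gateway PROXY_IP:PORT [FORWARD_FLAG_FILE]; reads `iptables-save -t nat` on stdin.
# Prints one line per finding and returns 0 only when every check passes.
audit_gateway() {
    proxy=$1
    fwd_file=${2:-/proc/sys/net/ipv4/ip_forward}   # path is overridable for testing
    rules=$(cat)
    rc=0
    # 1. Non-HTTP traffic is routed rather than proxied, so forwarding must be on.
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "FAIL: IP forwarding is off ($fwd_file)"; rc=1
    fi
    # 2. Port 80 must be redirected to the proxy.
    if ! printf '%s\n' "$rules" | grep -E -- '^-A PREROUTING .*-p tcp .*--dport 80 .*-j DNAT' \
            | grep -qF -- "--to-destination $proxy"; then
        echo "FAIL: no tcp/80 DNAT to $proxy"; rc=1
    fi
    # 3. A DNAT without --dport rewrites the destination of every packet it matches.
    if printf '%s\n' "$rules" | grep -E -- '^-A PREROUTING .*-j DNAT' | grep -qv -- '--dport'; then
        echo "FAIL: catch-all DNAT in PREROUTING"; rc=1
    fi
    # 4. The working setup in the thread also source-NATs traffic leaving eth0.
    if ! printf '%s\n' "$rules" | grep -qE -- '^-A POSTROUTING .*-j (SNAT|MASQUERADE)'; then
        echo "FAIL: no SNAT/MASQUERADE in POSTROUTING"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: NAT rules match the working gateway setup"; fi
    return "$rc"
}
```

Because rules added with `iptables -A` do not survive a reboot, running the audit after each restart shows whether the two rules were re-applied.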