k12osn@redhat.com

Re: [K12OSN] Help with iptables

Subject: Re: [K12OSN] Help with iptables
From: "James P. Kinney III"
Date: Tue, 09 Dec 2008 17:43:37 -0500
See below

On Tue, 2008-12-09 at 15:44 +0000, Brian Chivers wrote:
> I'm having some problems with our iptables on our K12LTSP EL5 box. What I'd like to do is force all
> traffic through our proxy EXCEPT local 192.168 & DMZ 172.16 traffic.
> 
> I've copied the notes on the Wiki and that works except the local / DMZ traffic still goes via the
> proxy. I've added .portsmouth-college.ac.uk to the proxy bypass but this causes the machines to be
> stopped going to local addresses. I think it's the NAT section that is the problem.
> 
> Any ideas ??
> 
> Thanks
> Brian
> 
> This is the dump of iptables I have
> 
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *mangle
> :PREROUTING ACCEPT [375588828:72798580212]
> :INPUT ACCEPT [375588263:72798529543]
> :FORWARD ACCEPT [288:17280]
> :OUTPUT ACCEPT [599782127:692898036982]
> :POSTROUTING ACCEPT [599782441:692898067655]
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *filter
> :INPUT ACCEPT [375588263:72798529543]
> :FORWARD ACCEPT [288:17280]
> :OUTPUT ACCEPT [599782046:692898029854]
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *nat
> :PREROUTING ACCEPT [3638527:670011055]
> :POSTROUTING ACCEPT [2458078:165610024]
> :OUTPUT ACCEPT [2454988:165424624]
-A PREROUTING -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
Kill the next line. It forces everything through the proxy.
> -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> 
> 
> ------------------------------------------------------------------------------------------------
>     The views expressed here are my own and not necessarily
>  
>                 the views of Portsmouth College    
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC                           
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney@xxxxxxxxxxxxxxxxxxxxx>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
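
The rule order in the message above, as an added example that is not part of the original thread: a simplified first-match model of the nat table that shows which constructed sample packets reach the DNAT rule and which stop at an earlier ACCEPT. The parser handles only the option subset used in this dump, and the sample addresses are assumptions.

```python
import ipaddress
import shlex

# nat rules in the order they appear in the message above
NAT_RULES = """\
-A PREROUTING -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
"""

def parse_rules(text):
    """Parse the iptables-save subset used above into a list of dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue
        rule = {"chain": tok[1]}
        opts = tok[2:]
        # every option in this subset takes exactly one argument
        rule.update(zip(opts[0::2], opts[1::2]))
        rules.append(rule)
    return rules

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def verdict(rules, chain, src, dst, dport, proto="tcp"):
    """Return the action of the first matching rule, or the ACCEPT policy."""
    for r in rules:
        if r["chain"] != chain or r.get("-p", proto) != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "-s" in r and not in_net(src, r["-s"]):
            continue
        if "-d" in r and not in_net(dst, r["-d"]):
            continue
        if r["-j"] == "DNAT":
            return "DNAT " + r["--to-destination"]
        return r["-j"]  # ACCEPT ends traversal of the chain
    return "ACCEPT (policy)"

if __name__ == "__main__":
    rules = parse_rules(NAT_RULES)
    # constructed packets: (chain, source, destination, destination port)
    for pkt in [("PREROUTING", "192.168.1.10", "203.0.113.5", 80),
                ("PREROUTING", "10.1.2.3", "203.0.113.5", 80),
                ("OUTPUT", "192.168.0.254", "192.168.0.10", 80)]:
        print(pkt, "->", verdict(rules, *pkt))
```

PREROUTING only sees packets arriving from other hosts; traffic generated on the box itself is evaluated against OUTPUT, which is why the two DNAT rules behave independently.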

