
Re: [K12OSN] Help with iptables

Subject: Re: [K12OSN] Help with iptables
From: Brian Chivers
Date: Thu, 11 Dec 2008 08:55:15 +0000
Almquist Burke wrote:

On Dec 9, 2008, at 9:44 AM, Brian Chivers wrote:

I'm having some problems with our iptables on our K12LTSP EL5 box. What I'd like to do is force all traffic through our proxy EXCEPT local 192.168 & DMZ 172.16 traffic.

I've copied the notes on the Wiki and that works except the local / DMZ traffic still goes via the proxy. I've added .portsmouth-college.ac.uk to the proxy bypass but this causes the machines to be stopped going to local addresses. I think it's the NAT section that is the problem.

Any ideas ??

Thanks
Brian


It would help if we knew what kind of setup you have on the network, and where your proxy is running in relation to all of this.

_______________________________________________
K12OSN mailing list
K12OSN@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

I'll try and draw an ASCII diagram, try being the word :-)

Thinclients 10.0.0.x
        |
        |
     Server 10.0.0.1
            192.168.0.100
        |
        |
     MAIN NETWORK (All servers on 192.168.0.x/16 - Proxy 192.168.0.80:8080)
        |
        |
     Firewall (Green Network - 192.168.0.2)
              (Orange DMZ - 172.16.0.x)
              (Red - 212.219.x.x)
        |
        |
      CISCO to Internet

What I don't want is the thinclients to be able to access the internet WITHOUT the proxy but I'd like them to be able to access the DMZ machines without using the proxy.

Thanks
Brian

------------------------------------------------------------------------------------------------
The views expressed here are my own and not necessarily the views of Portsmouth College
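
The policy described in this message (local and DMZ destinations direct, everything else via the proxy at 192.168.0.80:8080), as an added example that is not part of the original message or of the wiki notes it mentions. It renders a nat-table chain in iptables-restore syntax and evaluates it first-match-wins, showing that an exemption placed after the redirect never takes effect. Assumptions: port-80 traffic is intercepted with DNAT and the proxy accepts intercepted requests, the chain name TO_PROXY is hypothetical, and the /24 and /16 masks for 10.0.0.x and 172.16.0.x are guesses from the diagram.

```python
import ipaddress

PROXY = "192.168.0.80:8080"  # proxy address from the diagram
# Destinations that bypass the proxy (masks for 10.0.0.x and 172.16.0.x are assumed).
DIRECT = ["127.0.0.0/8", "10.0.0.0/24", "192.168.0.0/16", "172.16.0.0/16"]


def build_chain(direct=DIRECT, proxy=PROXY, exemptions_first=True):
    """Return the TO_PROXY chain as (dest_cidr, target) pairs in rule order."""
    exempt = [(net, "RETURN") for net in direct]
    redirect = [("0.0.0.0/0", "DNAT --to-destination " + proxy)]
    return exempt + redirect if exemptions_first else redirect + exempt


def render(chain):
    """Render the chain in iptables-restore syntax for the nat table."""
    lines = ["*nat",
             ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]",
             ":OUTPUT ACCEPT [0:0]", ":TO_PROXY - [0:0]",
             # PREROUTING covers forwarded traffic, OUTPUT covers sessions on the server
             "-A PREROUTING -p tcp --dport 80 -j TO_PROXY",
             "-A OUTPUT -p tcp --dport 80 -j TO_PROXY"]
    lines += ["-A TO_PROXY -d %s -p tcp -j %s" % rule for rule in chain]
    return "\n".join(lines + ["COMMIT"])


def verdict(chain, dest):
    """Walk the chain as iptables does: the first matching rule decides."""
    addr = ipaddress.ip_address(dest)
    for net, target in chain:
        if addr in ipaddress.ip_network(net):
            return "direct" if target == "RETURN" else "proxy"
    return "direct"  # fell off the end of the chain: no NAT applied


if __name__ == "__main__":
    good = build_chain()
    bad = build_chain(exemptions_first=False)
    print(render(good))
    # Constructed sample destinations: a DMZ host, a LAN host, an outside address.
    for dest in ("172.16.0.10", "192.168.0.5", "203.0.113.10"):
        print(dest, "exemptions first:", verdict(good, dest),
              "| redirect first:", verdict(bad, dest))
```

Loading the rendered text with iptables-restore replaces the whole nat table, so any existing rules there would need to be merged in first.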