
Thread: Iptables and nat

  1. #1 (Junior Member, joined Mar 2007)

    I have a transparent proxy server setup. If it's http stuff, it sends it to port 3128 for caching. Otherwise it goes on to the gateway. The issue arises in that some of us have access to a different network than others and there is no way to segregate the ip's right now since they all show as coming from the proxy server's ip.

    How can I configure iptables to NAT any non-HTTP packets as the originating IP?
    For example:
    My personal computer is 192.168.1.100. My IP has access to the 192.168.2.0 network.
    The proxy server is 192.168.1.2.
    The gateway is 192.168.1.1.

    If I attempt to ssh to 192.168.2.10, it gets denied at the gateway because it thinks the proxy is trying to access that network.

    I need to send the packets from the proxy masqueraded as my computer's IP so that the gateway will allow it.
    The originating IP is not always the same. We have about 200 machines.

  2. #2 rockdalinux (joined May 2005, Planet Vegeta)

    It looks like NAT is only configured for port 80 (Squid). To allow port 22 (ssh) and others you need to reconfigure the iptables firewall.

  3. #3 (Junior Member, joined Mar 2007)

    Quote Originally Posted by rockdalinux:
    > It looks like NAT is only configured for port 80 (Squid). To allow port 22 (ssh) and others you need to reconfigure the iptables firewall.

    The firewall is already configured to allow ssh. The issue is I need to forward the ssh packets on to the gateway and make it look like they're coming from the original IP, not the proxy's IP. The wrench in the system is that the originating IP can be many different ones. How can I spoof or masquerade as the original IP?
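The rule set below is an added example for the situation described in posts #1 and #3; it is not code posted by anyone in this thread. The direct answer to "how do I SNAT to each client's address" is that no per-client SNAT is needed: a forwarded packet already carries the client's source address unless a POSTROUTING MASQUERADE/SNAT rule rewrites it, and a transparent proxy only needs the port 80 REDIRECT into Squid. The script shows the blanket-MASQUERADE rule set that produces the symptom next to the corrected one, and a check that counts source-rewriting rules. Addresses are the ones from the thread (LAN 192.168.1.0/24, proxy 192.168.1.2, Squid on 3128); the interface name eth0 and the DRY_RUN wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread or any of its posters.
# Rules for a transparent-Squid box that must leave the source address of
# non-HTTP traffic alone. Addresses come from the thread (LAN 192.168.1.0/24,
# proxy 192.168.1.2, gateway 192.168.1.1, Squid on 3128); the interface name
# eth0 is an assumption.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="192.168.1.0/24"
SQUID_PORT=3128

# With DRY_RUN=1 the commands are printed instead of executed, so the rule set
# can be reviewed (and checked by source_rewrite_count below) without root
# or iptables on the machine.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The rule set that produces the symptom in the thread: a blanket MASQUERADE
# rewrites every forwarded packet to the proxy's 192.168.1.2, so the gateway
# cannot tell 192.168.1.100 apart from any of the other ~200 machines.
broken_nat() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -j MASQUERADE
}

# Corrected rule set. REDIRECT only touches port 80, and there is no
# MASQUERADE/SNAT at all, so ssh and everything else is forwarded with the
# client's own source address; the gateway can apply its per-host policy.
# Squid's own upstream HTTP connections are locally generated and still leave
# as 192.168.1.2, which is what the caching setup wants.
fixed_nat() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
    run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Count the rules in a rule set that rewrite the source address. Anything
# other than 0 means the gateway will see the proxy's IP instead of the
# client's. Takes the name of a rule-set function.
source_rewrite_count() {
    ( DRY_RUN=1; "$1" ) | grep -c -e MASQUERADE -e SNAT || true
}

# Usage: DRY_RUN=1 sh proxy-nat.sh apply   (print the rules)
#        sh proxy-nat.sh apply             (apply them, as root)
if [ "${1:-}" = "apply" ]; then
    fixed_nat
fi
```

One caveat for this topology: the gateway 192.168.1.1 and the clients share 192.168.1.0/24, so the gateway's replies go straight back to the client rather than through the proxy, and the proxy kernel will by default send ICMP redirects telling clients to reach 192.168.2.0/24 via 192.168.1.1 directly. If every packet is meant to keep passing through the proxy, set `net.ipv4.conf.all.send_redirects=0` on it as well.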

  4. #4 (Junior Member, joined Nov 2008)

    Dear Friend,

    For transparent Squid, you need to redirect all your internal LAN port 80 traffic to the Squid port 3128. It's a very easy way.

    Another thing: by default, the sshd service is allowed in Linux. So, if you have implemented any "iptables" rule, then remove it or allow your sshd port 22 from the inside LAN.

    Also, please send me your complete scenario, because you have 2 networks, i.e. 192.168.1.0 & 2.0, so it is a little bit confusing.
