Gentoo Forums
IP Tables Configuration Issue
GeoAB
n00b

Joined: 27 Mar 2014
Posts: 2

Posted: Thu Mar 27, 2014 1:24 pm    Post subject: IP Tables Configuration Issue

We are currently using the below rule to route network traffic from port 80 to port 8080 as a proxy server...

iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080

Currently we have an issue that this proxy server cannot get to a specific host on the network (10.1.1.1), but from the network (172.16.16.0) in front of this proxy server we can. Without the nat rule above in place it just forwards the traffic and works without an issue, so to get round this we were thinking of putting in another rule which excludes anything going to 10.1.1.1 from 172.16.16.0 so that it can bypass our nat rule above.

Anybody have any ideas on what rule we can use to do this?
Anon-E-moose
Advocate

Joined: 23 May 2008
Posts: 3867
Location: Dallas area

Posted: Thu Mar 27, 2014 3:21 pm    Post subject:

"man iptables"

you can filter by source and destination including "!" negating

look for -s (source) and -d (destination) options
_________________
Asus m5a99fx, FX 8320 - nouveau, oss4, rx550 for qemu passthrough
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
5.0.13 zen kernel, profile 17.0 (no-pie) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
thegeezer
n00b

Joined: 11 Jul 2010
Posts: 34

Posted: Thu Mar 27, 2014 4:53 pm    Post subject: need to be more specific in the rule

your rule says for everything going to port 80 redirect to 8080.
this includes itself.

adjust to be :

# iptables -t nat -A PREROUTING -i eth0 -m tcp ....

where eth0 is your lan
GeoAB
n00b

Joined: 27 Mar 2014
Posts: 2

Posted: Mon Mar 31, 2014 9:48 am    Post subject:

Thanks for your suggestions...

we managed to get it working using the following....

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 89.207.48.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 172.20.15.10 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 172.29.255.254:8080
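
Added example, not part of the thread and not any poster's code: the fix above works because nat PREROUTING rules are evaluated in order and the first match wins, so an exemption appended after a catch-all REDIRECT/DNAT never matches. The hypothetical helper `dead_exemptions` below reads a listing in `iptables -t nat -S PREROUTING` format and reports such shadowed ACCEPT rules. The sample listings are constructed, the /24 mask on 172.16.16.0 is an assumption, and negated (`!`) interface matches are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find nat PREROUTING exemptions that can
# never match because a catch-all REDIRECT/DNAT for the same port precedes them.
# Input on stdin: rule listing in `iptables -t nat -S PREROUTING` format.

# dead_exemptions PORT : prints shadowed ACCEPT rules; exit status 1 if any.
dead_exemptions() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            dport = ""; target = ""; iface = ""; addr = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-s" || $i == "-d") addr = 1
            }
        }
        dport != port { next }
        # A NAT rule with no -s/-d takes every packet for this port
        # (on its interface, or on all interfaces if it has no -i).
        (target == "REDIRECT" || target == "DNAT") && !addr {
            if (iface == "") nat_any = 1; else nat_if[iface] = 1
            next
        }
        # An ACCEPT that comes after such a rule is dead.
        target == "ACCEPT" && (nat_any || (iface != "" && (iface in nat_if))) {
            print; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed listings. Port and addresses follow the first post; the /24 mask
# on 172.16.16.0 is an assumption (the post gives no mask).
SAMPLE_BROKEN='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 172.16.16.0/24 -d 10.1.1.1/32 -p tcp -m tcp --dport 80 -j ACCEPT'

SAMPLE_FIXED='-P PREROUTING ACCEPT
-A PREROUTING -s 172.16.16.0/24 -d 10.1.1.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Stand-alone demonstration: the broken ordering prints the dead rule.
printf '%s\n' "$SAMPLE_BROKEN" | dead_exemptions 80 || echo "shadowed exemption(s) listed above"
printf '%s\n' "$SAMPLE_FIXED" | dead_exemptions 80 && echo "fixed ordering: no shadowed exemptions"
```

On a live host the input would come from `iptables -t nat -S PREROUTING | dead_exemptions 80`, run as root.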