
Thursday, October 21, 2010

Re: Help getting iptables REDIRECT to work

Chris,

I use something along the lines of the following to do a transparent proxy
via squid.

# Squid redirect
iptables -t nat -A PREROUTING -i bond0 -p tcp --src 192.168.0.0/16 \
--dport 80 -j DNAT --to 192.168.1.1:3128

# Don't think you need this one; it never sees any traffic!
iptables -t nat -A PREROUTING -i bond0 -p tcp --src 192.168.0.0/16 \
--dport 80 -j REDIRECT --to-port 3128

# And the following to see who is using my web server
iptables -t nat -A PREROUTING -i bond0 -p tcp ! --src 192.168.0.0/16 \
--dport 80 -j LOG --log-level info \
--log-prefix "Incoming HTTP req" --log-ip-options

Hope this helps....

Jan.

On Thu, 21 Oct 2010 13:33:13 Chris Haynes wrote:
> Although not strictly a 'firewall' question, I expect the experts on
> iptables are on this list.
>
> I have Debian lenny.
> $ uname -r
> 2.6.32.21-m64-mb1
>
> I'm trying to get the following iptables command to work (response shown
> on lines 2 & 3):
>
> $ sudo iptables -v -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT
> --to-port 8080
> REDIRECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 redir
> ports 8080
> iptables: No chain/target/match by that name
>
> The system config checks I have run are:
> $ cat /proc/sys/net/ipv4/ip_forward
> 1
>
>
> $ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> $ /sbin/lsmod
> Module                  Size  Used by
> xt_tcpudp               2431  0
> iptable_nat             4110  0
> nf_nat                 13465  1 iptable_nat
> iptable_filter          1410  0
> ip_tables              14618  2 iptable_nat,iptable_filter
> x_tables               13916  3 xt_tcpudp,iptable_nat,ip_tables
> ipv6                  254105  16
> nls_iso8859_15          4734  1
> nls_cp850               4985  1
>
>
> It looks as though I am missing a kernel module - one that would supply
> the PREROUTING and REDIRECT chain targets. Is that what's wrong?
>
> On a Ubuntu system the above command works OK.
>
> On executing /sbin/lsmod on the Ubuntu system a module 'ipt_REDIRECT' is
> listed - which would seem to be what I need on the Debian system.
>
> I've looked in /lib/modules/2.6.32.21-m64-mb1/kernel/net/ipv4/netfilter
>
> It contains the following filters:
> arptable_filter.ko
> arpt_mangle.ko
> iptable_filter.ko
> iptable_nat.ko
> ip_tables.ko
> ipt_ah.ko
> ipt_ECN.ko
> ipt_MASQUERADE.ko
> ipt_ULOG.ko
> nf_nat.ko
> arp_tables.ko
> ip_queue.ko
> iptable_mangle.ko
> iptable_raw.ko
> ipt_addrtype.ko
> ipt_ecn.ko
> ipt_LOG.ko
> ipt_REJECT.ko
> nf_nat_ftp.ko
> nf_nat_sip.ko
>
> Looks like there are several there related to ip tables, but not
> (obviously) the one I need!
>
> Can anyone tell me how to get REDIRECT working, or suggest further
> diagnostics?


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/201010221434.42622.j_eringa@yahoo.co.nz
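The following script is an added example and not part of the list thread above. It does the check Chris was after (is the REDIRECT target's module present in the kernel's modules tree at all, which the listing of kernel/net/ipv4/netfilter in his mail suggests it is not) and prints, without applying, the ruleset a practitioner would pair with Jan's transparent-proxy rule. The function names, the `--run` flag and the inline module-tree layout are assumptions for the example; bond0, 192.168.0.0/16 and port 3128 are reused from the thread.

```shell
#!/bin/sh
# Added example (not from the list thread): check for the REDIRECT target's
# kernel module under a modules tree, and emit a transparent-proxy ruleset.
# Interface, network and port values are assumptions reused from the thread.

# Return 0 if a REDIRECT target module is present under $1 (normally
# /lib/modules/$(uname -r)), else 1. 2.6.32-era kernels ship it as
# ipt_REDIRECT.ko; newer ones as xt_REDIRECT.ko. A kernel built with
# CONFIG_IP_NF_TARGET_REDIRECT=y has no .ko at all, so modules.builtin is
# consulted as well when it exists.
redirect_module_available() {
    moddir=$1
    if find "$moddir" \( -name 'ipt_REDIRECT.ko*' -o -name 'xt_REDIRECT.ko*' \) -print 2>/dev/null | grep -q .; then
        return 0
    fi
    if [ -f "$moddir/modules.builtin" ] && grep -Eq '(ipt|xt)_REDIRECT' "$moddir/modules.builtin"; then
        return 0
    fi
    return 1
}

# Print (do not apply) the rules for a transparent HTTP proxy on the LAN side.
# $1 = LAN interface, $2 = LAN network, $3 = proxy port.
transparent_proxy_rules() {
    lan_if=$1 lan_net=$2 proxy_port=$3
    cat <<EOF
# Only LAN clients arriving on the LAN interface are redirected; traffic the
# proxy host itself originates never traverses PREROUTING, so it cannot loop.
iptables -t nat -A PREROUTING -i $lan_if -p tcp -s $lan_net --dport 80 -j REDIRECT --to-ports $proxy_port
# After REDIRECT the packet reaches INPUT with dport $proxy_port; allow it from the LAN...
iptables -A INPUT -i $lan_if -p tcp -s $lan_net --dport $proxy_port -j ACCEPT
# ...and refuse it from everywhere else so the proxy cannot be used as an open proxy.
iptables -A INPUT -p tcp --dport $proxy_port -j DROP
# Log inbound HTTP from outside the LAN, rate-limited so the log cannot be flooded.
iptables -A INPUT -p tcp ! -s $lan_net --dport 80 -m limit --limit 10/min -j LOG --log-prefix "Incoming HTTP req: "
EOF
}

# Stand-alone run: check the running kernel's modules tree, then show the rules.
if [ "${1:-}" = "--run" ]; then
    moddir=/lib/modules/$(uname -r)
    if redirect_module_available "$moddir"; then
        echo "REDIRECT target available under $moddir"
    else
        echo "REDIRECT target not found under $moddir (kernel needs CONFIG_IP_NF_TARGET_REDIRECT)" >&2
    fi
    transparent_proxy_rules bond0 192.168.0.0/16 3128
fi
```

Run it as `sh script.sh --run`. On a live box the same answer comes from `modprobe -n -v ipt_REDIRECT`, which prints the insmod it would perform or reports that the module cannot be found; "No chain/target/match by that name" is exactly what iptables prints when that modprobe fails. Note the REDIRECT option's full name is `--to-ports`; Chris's `--to-port` is accepted only because iptables takes unambiguous option prefixes. The INPUT rules matter because a nat rule alone says nothing about who may reach port 3128 once the packet has been rewritten.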
