[CentOS] Iptables Question

Joseph L. Casale

JCasale at activenetwerx.com
Wed Dec 10 20:22:36 UTC 2008


I have a squid proxy running transparently, so in my firewall script
I run the following fairly early:

iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128

This is a multihomed server so after this change the masquerading was
removed (as only web access on the lan side of this server was needed).

I now need to masq cleanly one device so that it can bypass the squid
proxy. As order is important, would it be correct to put the following
_in front_ of the PREROUTING command above:

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
iptables -A FORWARD -i $LAN -o $WAN -m mac --mac-source <mac addr> -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 443 -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT

Where is the best place to filter for the mac in this scenario? I am hoping
anything w/o this mac will skip the whole masq setup and enter the PREROUTING
command below, resulting in the traffic being proxied through squid.

Thanks!
jlc
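The rule set below is an added example, not the poster's script: it shows one way to lay out the nat and filter rules so that a single MAC-identified host bypasses squid while everyone else on the LAN is still redirected. The interface names, the bypass MAC and the squid port are assumed placeholders. Two points it is meant to make concrete: the `mac` match is only valid in the PREROUTING, INPUT and FORWARD chains, so the exemption has to sit in nat PREROUTING ahead of the REDIRECT (ACCEPT there ends traversal of that chain without creating a NAT mapping), and POSTROUTING is a different chain, so the MASQUERADE rule's position relative to the REDIRECT is irrelevant; only order within a chain matters.

```shell
#!/bin/sh
# Added example: firewall fragment for a transparent squid proxy with one
# MAC-exempt host. Interface names, the bypass MAC and the squid port are
# assumed placeholders, not values from the original post.
LAN="${LAN:-eth1}"
WAN="${WAN:-eth0}"
BYPASS_MAC="${BYPASS_MAC:-00:11:22:33:44:55}"   # assumed placeholder
SQUID_PORT="${SQUID_PORT:-3128}"

# DRY_RUN=1 (the default here) prints the commands instead of running them,
# so the rule order can be reviewed on a box without root or iptables.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # --- nat table ---------------------------------------------------------
    # The mac match only works in PREROUTING, INPUT and FORWARD, so the
    # exemption lives here, not in POSTROUTING. ACCEPT in the nat table stops
    # traversal of this chain without setting up any NAT mapping, so the
    # bypass host never reaches the REDIRECT rule below. The nat table is only
    # consulted for the first packet of a connection, so no state match is needed.
    ipt -t nat -A PREROUTING -i "$LAN" -m mac --mac-source "$BYPASS_MAC" \
        -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Everyone else on the LAN side is transparently redirected to squid.
    ipt -t nat -A PREROUTING -i "$LAN" -p tcp -m multiport --dports 80,443 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    # Source NAT for whatever is still forwarded out the WAN. POSTROUTING is a
    # separate chain from PREROUTING, so its position relative to the REDIRECT
    # does not matter; only order within a chain does.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    # --- filter table ------------------------------------------------------
    # Only the bypass host is forwarded to the WAN, and only on the web ports.
    # Replies come back through the conntrack state match; a DROP policy
    # (assumed here) keeps every other LAN host from being forwarded at all.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -m mac --mac-source "$BYPASS_MAC" \
        -p tcp -m multiport --dports 80,443 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -P FORWARD DROP
}

# Line number of the first dry-run rule matching $1, so the ordering can be
# checked before anything is loaded into the kernel.
rule_position() {
    DRY_RUN=1 build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_rules
```

Run it with `DRY_RUN=0` as root to load the rules; leave the default to print them and confirm that the `--mac-source` exemption is listed before the `REDIRECT` in nat PREROUTING. Note that a MAC match only identifies the host on the directly attached LAN segment and is trivially spoofed, so it is a convenience for picking out one device, not an access control you should rely on across a router.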
