Hi.
I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb) and I want to use the SHDSL (2mb) only for mail, ssh, http OUT and the ADSL2+ only for surfing.
It all works fine if people specify the proxy in the browser, but in cases like Flash it is of no use.
Further, if I can make the 80/443 traffic go through the proxy only, it's an added bonus. If this can be done, fine. But I want all 80/443 traffic to go through host2.

  SHDSL        ADSL2+
  ------       -------
  host 1       host2 SQUID
  ------       -------
    |             |
    ------------ host3 ------------
                   |
                 eth1

On host 3 I have been trying to do this with iptables, but I am stuck. I tried to utilise squid too, it does not work.
tried:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
The browser tells me "invalid request".
All I want is to redirect all traffic through host2 if ports 443 and 80 are encountered, that's all. If it goes through the proxy it is an added bonus, but not required.
Any ideas, anyone?
Jobst
On 31/01/2011 13:46, Jobst Schmalenbach wrote:
> Hi.
> I have two internet connections, the ADSL2+ is very very cheap (but fast 10mb) and I want to use the SHDSL (2mb) only for mail, ssh, http OUT and the ADSL2+ only for surfing.
> It all works fine if people specify the proxy in the browser, but in cases like Flash it is of no use.
> Further, if I can make the 80/443 traffic go through the proxy only, it's an added bonus. If this can be done, fine. But I want all 80/443 traffic to go through host2.
>
>   SHDSL        ADSL2+
>   ------       -------
>   host 1       host2 SQUID
>   ------       -------
>     |             |
>     ------------ host3 ------------
>                    |
>                  eth1
>
> On host 3 I have been trying to do this with iptables, but I am stuck. I tried to utilise squid too, it does not work.
> tried:
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
> The browser tells me "invalid request".
> All I want is to redirect all traffic through host2 if ports 443 and 80 are encountered, that's all. If it goes through the proxy it is an added bonus, but not required.
> Any ideas, anyone?

Read the transparent proxy howto... you may need to do SNAT as well as DNAT. http://tldp.org/HOWTO/TransparentProxy-6.html
On Monday 31 January 2011 07:46, Jobst Schmalenbach wrote:
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
> browser tell me "invalid request".

From the man pages:
DNAT --to-destination ipaddr[-ipaddr][:port-port]
You could combine these two rules into one with Multiport. Check the MAN pages.

You are correct, I used section 6.1. It's working now.
Thanks
On Mon, Jan 31, 2011 at 01:49:08PM +0100, Giles Coochey (giles@coochey.net) wrote:
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles@coochey.net
Skype: gilescoochey
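
The replies above point to combining DNAT with SNAT (and to multiport for several ports). The following is an added sketch of that rule set, not code from the thread or from the HOWTO: it only prints the commands for review, and the network, gateway and proxy addresses are constructed placeholders. The function names are hypothetical.

```shell
#!/bin/sh
# Dry run: prints iptables commands for review; it does not apply them.
# All addresses below are constructed placeholders, not values from the thread.
LAN_IF="eth1"              # client-facing interface on host3 (named in the thread)
LAN_NET="192.168.1.0/24"   # assumed client network
GW_IP="192.168.1.3"        # assumed address of host3 on that network
PROXY="192.168.1.2"        # assumed address of host2 (Squid)
PROXY_PORT="3128"

# valid_ports "80,443": succeeds only if every item is an integer in 1..65535
valid_ports() {
    case "$1" in ''|*[!0-9,]*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    for p in "$@"; do
        case "$p" in ''|??????*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# gen_rules PORTS: prints the DNAT, SNAT and FORWARD rules for those ports
gen_rules() {
    valid_ports "$1" || { echo "bad port list: $1" >&2; return 1; }
    case "$1" in
        *,*) match="-m multiport --dports $1" ;;   # one rule for several ports
        *)   match="--dport $1" ;;
    esac
    # 1. Send client web traffic to the proxy; skip the proxy's own
    #    requests so they are not looped back to it.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY -p tcp $match -j DNAT --to-destination $PROXY:$PROXY_PORT"
    # 2. Rewrite the source so the proxy answers via host3 instead of
    #    replying to the client directly with an unexpected address.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $PROXY -p tcp --dport $PROXY_PORT -j SNAT --to-source $GW_IP"
    # 3. Let the redirected connections through the FORWARD chain.
    echo "iptables -A FORWARD -s $LAN_NET -d $PROXY -p tcp --dport $PROXY_PORT -j ACCEPT"
}

# Port 80 only: port 443 carries TLS, which a plain HTTP proxy port cannot parse.
gen_rules "80"
```

Squid itself must also be configured to accept intercepted (transparent) requests on that port, otherwise it rejects them as malformed.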