On 31/01/2011 13:46, Jobst Schmalenbach wrote:
> Hi.
>
> I have two internet connections, the ADSL2+ is very
> very cheap (but fast 10mb) and I want to use the SHDSL (2mb)
> only for mail, ssh, http OUT and the ADSL2+ only for
> surfing.
>
> It all works fine if people specify the proxy in the
> browser, but in cases like Flash it is of no use.
>
> Further, if I can make the 80/443 traffic go through
> the proxy only, it's an added bonus. If this can be
> done, fine. But I want all 80/443 traffic to go through host2.
>
>   SHDSL     ADSL2+
>  ------    -------
>  host 1     host2
>             SQUID
>  ------    -------
>     |         |
>    ------------
>       host3
>    ------------
>         |
>       eth1
>
> On host 3 I have been trying to do this with iptables, but I am stuck.
> I tried to utilise squid too, does not work.
>
> tried:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $PROXY:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
>
> browser tells me "invalid request".
>
> All I want is to redirect all traffic through host2 if ports 443 and 80
> are encountered, that's all. If it goes through the proxy it is an
> added bonus, but not required.
>
>
> Any ideas, anyone?
>
>

Read the transparent proxy howto... you may need to do SNAT as well as DNAT.

http://tldp.org/HOWTO/TransparentProxy-6.html

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
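
The DNAT-plus-SNAT arrangement the reply points to, sketched as an added example that is not part of the original thread: a dry-run script for host3 that prints the port-80 rules for review instead of applying them. The addresses are constructed placeholders, and the script assumes host2 is reached through the same eth1 segment as the clients.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules; applies nothing.
# Addresses are constructed placeholders (RFC 5737 documentation range).
LAN_IF=eth1            # LAN-facing interface on host3 (named in the post)
LAN_NET=192.0.2.0/24   # assumed client subnet
PROXY=192.0.2.2        # assumed address of host2 (Squid)
ROUTER=192.0.2.1       # assumed address of host3 on LAN_IF
PROXY_PORT=3128

# The output is meant to be reviewed and then fed to a root shell, so
# refuse any value containing characters outside [0-9A-Za-z./].
safe() {
  case "$1" in
    ''|*[!0-9A-Za-z./]*) return 1 ;;
  esac
}

emit_rules() {
  for v in "$LAN_IF" "$LAN_NET" "$PROXY" "$ROUTER" "$PROXY_PORT"; do
    safe "$v" || { echo "refusing unsafe value: $v" >&2; return 1; }
  done
  # 1. DNAT client port-80 traffic to the proxy. The proxy's own outbound
  #    requests are excluded so they are not looped back to itself.
  echo "iptables -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY -p tcp --dport 80 -j DNAT --to-destination $PROXY:$PROXY_PORT"
  # 2. SNAT so the proxy answers host3 rather than the client directly.
  #    Without it the client sees a reply from $PROXY:$PROXY_PORT instead
  #    of the server it connected to, and drops it.
  #    Side effect: Squid's access log shows $ROUTER for every client.
  echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY -p tcp --dport $PROXY_PORT -j SNAT --to-source $ROUTER"
  # 3. Let the redirected flow pass the FORWARD chain.
  echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $PROXY -p tcp --dport $PROXY_PORT -j ACCEPT"
}

# Squid side (assumption about host2's config): the listening port must be
# in interception mode, "http_port 3128 transparent" on Squid 2.6/3.0 or
# "http_port 3128 intercept" on 3.1+. A plain forward-proxy port rejects
# the origin-form requests that intercepted browsers send.
# Port 443 is deliberately left out: a DNAT to the HTTP port hands Squid a
# TLS handshake it cannot parse as an HTTP request.
emit_rules
```

Review the printed rules before piping them to a root shell on host3.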