[CentOS] redirecting traffic using iptables

Mon Jan 31 12:49:08 UTC 2011
Giles Coochey <giles at coochey.net>

On 31/01/2011 13:46, Jobst Schmalenbach wrote:
> Hi.
>
> I have two internet connections, the ADSL2+ is very
> very cheap (but fast 10mb) and I want to use the SHDSL (2mb)
> only for mail, ssh, http OUT and the ADSL2+ only for
> surfing.
>
> It all works fine if people specify the proxy in the
> browser, but in cases like flash it is of no use.
>
> Further, if I can make the 80/443 traffic go through
> the proxy only, it's an added bonus. If this can be
> done, fine. But I want all 80/443 traffic to go through host2.
>
>     SHDSL       ADSL2+
>    ------      -------
>    host 1      host2
>                SQUID
>    ------      -------
>        |        |
>       ------------
>          host3
>       ------------
>            |
>           eth1
>
> On host 3 I have been trying to do this with iptables, but I am stuck.
> I tried to utilise squid too, but it does not work.
>
> tried:
>
>    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80  -j DNAT --to $PROXY:3128
>    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128
>
> browser tells me "invalid request".
>
> All I want is to redirect all traffic through host2 if ports 443 and 80
> are encountered, that's all. If it goes through the proxy it is an
> added bonus, but not required.
>
>
> Any ideas, anyone?
>
>
Read the transparent proxy howto... you may need to do SNAT as well as DNAT.
http://tldp.org/HOWTO/TransparentProxy-6.html

-- 
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: giles at coochey.net
Skype: gilescoochey
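One way to turn Giles's advice into a rule set on host3, as an added example that is not part of the thread: DNAT port 80 to squid on host2 together with the SNAT the howto describes, and no DNAT at all for 443, since handing TLS to squid's HTTP port is exactly what yields "invalid request". Interface names, addresses and an intercept-capable http_port on host2's squid are assumptions.

```shell
#!/bin/sh
# Transparent redirect on host3: DNAT LAN web traffic to squid on host2, plus
# SNAT so host2's replies come back through host3 (TLDP TransparentProxy-6).
# Every address and interface below is an assumption for this example.
LAN_IF=eth1                 # LAN-facing interface on host3
LAN_NET=192.168.1.0/24      # client network behind eth1
HOST3_IP=192.168.1.1        # host3's address on eth1
PROXY=192.168.1.2           # host2, running squid (assumed address)
PROXY_PORT=3128

# Print the rules rather than executing them, so they can be reviewed
# before being fed to a root shell.
gen_rules() {
    cat <<EOF
# Never intercept traffic that already comes from the proxy, or it loops.
iptables -t nat -A PREROUTING -i $LAN_IF -s $PROXY -p tcp --dport 80 -j ACCEPT
# Plain HTTP: hand it to squid's intercept port on host2.
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j DNAT --to-destination $PROXY:$PROXY_PORT
# SNAT the redirected flow to host3's own address: host2 then answers host3,
# whose conntrack entry un-DNATs the reply for the client. Without this
# host2 answers the client directly from its own IP and the client resets.
iptables -t nat -A POSTROUTING -p tcp -d $PROXY --dport $PROXY_PORT -j SNAT --to-source $HOST3_IP
# Port 443 is TLS, not HTTP: sending it to squid's HTTP port produces
# "invalid request". Leave it un-DNATed; it must be routed to host2 instead.
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j RETURN
EOF
}

# Sanity check on the generated rules: the DNAT must be paired with its SNAT,
# and nothing may DNAT port 443 into the proxy.
rules_are_consistent() {
    out=$(gen_rules)
    echo "$out" | grep -q -- '--dport 80 -j DNAT --to-destination' || return 1
    echo "$out" | grep -q -- '-j SNAT --to-source' || return 1
    ! echo "$out" | grep -q -- '--dport 443 .*-j DNAT'
}

# Apply for real only when explicitly asked and running as root:
#   sh redirect.sh apply
if [ "$1" = "apply" ] && [ "$(id -u)" = 0 ]; then
    gen_rules | sh
fi
```

Because of the SNAT, squid on host2 sees every client as host3's address, so per-client logging on the proxy is lost; that is the trade-off the howto's separate-box setup accepts.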