[K12OSN] Help with iptables

James P. Kinney III jkinney at localnetsolutions.com
Tue Dec 9 22:43:37 UTC 2008


See below

On Tue, 2008-12-09 at 15:44 +0000, Brian Chivers wrote:
> I'm having some problems with our iptables on our K12LTSP EL5 box. What I'd like to do is force all 
> traffic through our proxy EXCEPT local 192.168 & DMZ 172.16 traffic.
> 
> I've copied the notes on the Wiki and that works except the local / DMZ traffic still goes via the 
> proxy. I've added .portsmouth-college.ac.uk to the proxy bypass but this causes the machines to be 
> stopped going to local addresses. I think it's the NAT section that is the problem.
> 
> Any ideas ??
> 
> Thanks
> Brian
> 
> This is the dump of iptables I have
> 
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *mangle
> :PREROUTING ACCEPT [375588828:72798580212]
> :INPUT ACCEPT [375588263:72798529543]
> :FORWARD ACCEPT [288:17280]
> :OUTPUT ACCEPT [599782127:692898036982]
> :POSTROUTING ACCEPT [599782441:692898067655]
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *filter
> :INPUT ACCEPT [375588263:72798529543]
> :FORWARD ACCEPT [288:17280]
> :OUTPUT ACCEPT [599782046:692898029854]
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> # Generated by iptables-save v1.3.5 on Tue Dec  9 15:16:57 2008
> *nat
> :PREROUTING ACCEPT [3638527:670011055]
> :POSTROUTING ACCEPT [2458078:165610024]
> :OUTPUT ACCEPT [2454988:165424624]
-A PREROUTING -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
> -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
Kill the next line. It forces everything through the proxy.
> -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080
> COMMIT
> # Completed on Tue Dec  9 15:16:57 2008
> 
> 
> ------------------------------------------------------------------------------------------------
>     The views expressed here are my own and not necessarily
>  
>                 the views of Portsmouth College    
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC                           
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
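
Added example, not part of the original message or of the K12LTSP wiki: a small first-match evaluator for the nat PREROUTING rules quoted above, showing which connections reach the DNAT rule when the exemptions match on source (`-s`, as posted) and when they match on destination (`-d`, a hypothetical variant). The sample connections, the `203.0.113.10` documentation address and all function names are constructed for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse the flag/value subset of iptables-save syntax seen in the thread."""
    tok = line.split()
    opts = dict(zip(tok[::2], tok[1::2]))  # every option here is a flag + one value
    net = lambda flag: ipaddress.ip_network(opts[flag]) if flag in opts else None
    return {"src": net("-s"), "dst": net("-d"), "target": opts["-j"],
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "to": opts.get("--to-destination")}

def prerouting(rules, src, dst, dport):
    """First matching rule wins; ACCEPT ends the chain, so a later DNAT never runs."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in map(parse_rule, rules):
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["dport"] is not None and dport != r["dport"]:
            continue
        return "DNAT " + r["to"] if r["target"] == "DNAT" else "direct"
    return "direct"  # no rule matched: the chain policy in the dump is ACCEPT

DNAT = "-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.80:8080"
AS_POSTED = [
    "-A PREROUTING -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A PREROUTING -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT",
    DNAT,
]
# Hypothetical variant (assumption, not from the thread): match destination instead.
BY_DEST = [r.replace(" -s ", " -d ") for r in AS_POSTED]

# Constructed sample connections: (source, destination, destination port)
SAMPLES = [
    ("192.168.1.50", "172.16.0.10", 80),    # LAN client -> DMZ web server
    ("192.168.1.50", "203.0.113.10", 80),   # LAN client -> external site
    ("192.168.1.50", "203.0.113.10", 443),  # not port 80: no rule matches
]

def compare():
    """Return (as-posted verdict, by-destination verdict) for each sample."""
    return [(prerouting(AS_POSTED, *p), prerouting(BY_DEST, *p)) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, (posted, by_dest) in zip(SAMPLES, compare()):
        print(pkt, "| as posted:", posted, "| by destination:", by_dest)
```

The evaluator covers only the PREROUTING chain; connections generated on the box itself traverse the nat OUTPUT chain instead.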

