Hi...
Even though this involves a router problem, it also involves IPTABLES (which
is the primary problem). I am using the Sveasoft firmware which allows me
to TELNET into the router and set up the IPTABLES. The firmware is awesome
(using the latest 3.11), but I'm having trouble sending all my web traffic
(port 80) to an external outside proxy server (on a different port). This
was my guess:
# Clear all iptables
iptables --flush
iptables --delete-chain
# Masquerade
iptables -t nat -A POSTROUTING -o vlan1 -j MASQUERADE
# Transparent Proxy
# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8902
# Transparent Proxy (to a Remote Box)
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.1.1 -p tcp --dport 80 -j DNAT --to 209.197.41.4:8902
iptables -t nat -A POSTROUTING -o vlan1 -s 192.168.1.0/26 -d 209.197.41.4 -j SNAT --to 192.168.1.1
iptables -A FORWARD -s 192.168.1.0/26 -d 209.197.41.4 -i br0 -o vlan1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i vlan1 -p tcp --dport 8902 -j ACCEPT
Notes: The input interface is br0 and the output interface is vlan1
according to Sveasoft. What's even worse is that I can't access the web
interface (192.168.1.1) and if I disconnect the TELNET from the router ... I
can't reconnect. If I stay connected, I can recover by entering this
command:
iptables -F
iptables -t nat -I PREROUTING -i + -s 192.168.1.100/26 -p tcp --dport 80 -j ACCEPT
then going to 192.168.1.1 and saving the settings. Any help would be much
appreciated! Thanks!
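An added example, not the poster's script: the same transparent redirect, with the DNAT rule that also rewrites requests addressed to the router's own web interface shown beside a version that excludes the router, plus the INPUT and FORWARD rules needed to keep the telnet session alive and to pass the redirected flow. Interface names and addresses are taken from the post; the IPT variable defaulting to echo (print the rules instead of applying them) is an assumption of the example.

```shell
#!/bin/sh
# Added example, not the poster's script: redirect LAN web traffic to a remote
# proxy without cutting off the router's own web/telnet interface.
# Assumed values (taken from the post): LAN side br0, WAN side vlan1, router at
# 192.168.1.1, proxy 209.197.41.4:8902. IPT defaults to "echo" so the rules can be
# reviewed before touching a live firewall; run with IPT=iptables to apply them.
IPT=${IPT:-echo}
LAN_IF=br0
WAN_IF=vlan1
ROUTER_IP=192.168.1.1
LAN_NET=192.168.1.0/24
PROXY_IP=209.197.41.4
PROXY_PORT=8902

# The lockout: every LAN request to port 80, including one addressed to the
# router's own management page, is rewritten to the proxy.
lockout_rule() {
    echo "-t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
}

# Corrected: packets destined for the router itself are left alone, so only
# web traffic that would leave the LAN is redirected.
redirect_rule() {
    echo "-t nat -A PREROUTING -i $LAN_IF ! -d $ROUTER_IP -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
}

apply_rules() {
    $IPT -F
    $IPT -t nat -F
    # Keep the current telnet session and all replies flowing.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Management ports are accepted from the LAN side only, never from vlan1.
    $IPT -A INPUT -i $LAN_IF -p tcp --dport 23 -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -p tcp --dport 80 -j ACCEPT
    $IPT $(redirect_rule)
    # FORWARD sees the packet after DNAT, so match the proxy port, not 80.
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
    # MASQUERADE uses the WAN address; SNAT to the private 192.168.1.1 would leave
    # the proxy with no route back.
    $IPT -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
}

apply_rules
```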