Iptables: rules not applied?

Discussion in 'Linux Networking' started by julien, Aug 3, 2008.

  1. julien

    julien Guest

    Hello,
    I'm using iptables to redirect all the TCP traffic to a transparent
    proxy. It seems that the rules are there:
    # iptables -t nat --list
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT tcp -- anywhere !X.X.X.X to:X.X.X.X:Y

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    But when I do, for example, an HTTP request on port 80, it is not
    redirected to the proxy.

    I'm using CentOS 5 on VMware.


    The script I use:
    #!/bin/sh

    PROXY_IP="X.X.X.X"
    PROXY_PORT="Y"
    LAN="eth0"

    # Flush
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X

    # Load modules
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # For win xp ftp client
    echo 1 > /proc/sys/net/ipv4/ip_forward


    # Re-routing

    iptables -t nat -A PREROUTING -i $LAN -p tcp -d ! $PROXY_IP -j DNAT --to $PROXY_IP:$PROXY_PORT
    iptables -t nat -A POSTROUTING -j MASQUERADE

    Any idea what I am missing?

    Thank you
    Julien
     
    julien, Aug 3, 2008
    #1

  2. Klunk

    Klunk Guest

    After running this, doing an iptables -L shows the rules, yes?
     
    Klunk, Aug 3, 2008
    #2

  3. julien

    julien Guest

    Actually, it doesn't:
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    But the rules are displayed with iptables -t nat --list
     
    julien, Aug 3, 2008
    #3
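
An added example, not part of the original posts: `iptables -L` without `-t` lists only the filter table, so the empty listing in post #3 and the populated `-t nat` listing in post #1 describe the same state. The sketch below counts rules per table and chain from an `iptables-save` style dump. The sample dump is constructed, `192.0.2.10:3128` is a placeholder for the poster's X.X.X.X:Y, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, mirroring the thread's state:
# the nat table holds the DNAT and MASQUERADE rules, the filter table is empty.
# 192.0.2.10:3128 is a placeholder for the X.X.X.X:Y used in the thread.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -d ! 192.0.2.10 -j DNAT --to-destination 192.0.2.10:3128
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Print "table chain count" for every chain in a dump read from stdin,
# including chains that hold zero rules.
rules_per_chain() {
    awk '
        /^\*/  { table = substr($0, 2); next }
        /^:/   { key = table " " substr($1, 2)
                 if (!(key in n)) { n[key] = 0; order[++i] = key }
                 next }
        /^-A / { key = table " " $2
                 if (!(key in n)) { order[++i] = key }
                 n[key]++ }
        END    { for (j = 1; j <= i; j++) print order[j], n[order[j]] }
    '
}

# Total rules in one table: the number of rule lines that
# "iptables -t <table> -L" would list across its chains.
rules_in_table() {
    rules_per_chain | awk -v t="$1" '$1 == t { s += $3 } END { print s + 0 }'
}

# On a live host (needs root): iptables-save | rules_per_chain
printf '%s\n' "$SAMPLE_DUMP" | rules_per_chain
```
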