Re: lug-bg: Problems with linux 2.4 and NAT with iptables
- Subject: Re: lug-bg: Problems with linux 2.4 and NAT with iptables
- From: a.todorov@xxxxxxxxxx (Anton Todorov)
- Date: Tue, 18 Dec 2001 19:49:30 +0200
On Tuesday 18 Dec 2001 12:15, you wrote:
> Hello,
> I have read the iptables and NAT HOWTO.
> I want to get "address translation" working, but it does not work as it should -
> it works as masquerading (connections can be initiated in one direction only).
> I have RH 7.2, kernel 2.4.16, everything for NAT is compiled in.
> 2 ethernet interfaces - eth0 172.16.31.100 and eth1 192.168.0.3
> I want the PC 192.168.0.10 to go out as 172.16.31.110, and correspondingly anyone
> who looks for 172.16.31.110 (from eth0) to see the PC 192.168.0.10.
> It turns out that right now it works as masquerading - the PC gets out, but
> nobody can initiate a connection to it from outside (i.e. to
> 172.16.31.110).
> This is the command:
> iptables -t nat -I POSTROUTING -s 192.168.0.10 -o eth0 -j SNAT --to-source 172.16.31.110
> Any ideas - where am I going wrong? What have I not read or not understood as
> I should have?
> In general, how do you set up NAT for a case like mine?
> Thanks in advance
I don't know whether this will help you, but here is what is written about setting up a transparent
proxy with squid on a separate machine; I think your situation is close to it:
"For the purposes of example commands, let's assume we have two boxes called
squid-box and iptables-box, and that they are on the network local-network.
In the commands below, replace these strings with the actual IP addresses or
name of your machines and network.
First, the machine that squid will be running on, squid-box. You do not need
iptables or any special kernel options on this machine, just squid. You do
not need the 'http_accel' options as described above, just a plain squid
(although, if you are a squid newbie, it is suggested that you read the above
section on squid, since everything else but the 'http_accel' options will be
useful to you).
Now, the machine that iptables will be running on, iptables-box. You will need
to configure the kernel as described above (except that you don't need the
REDIRECT target support). Now, for the iptables commands. You need three:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
The first one sends the packets to squid-box from iptables-box. The second
makes sure that the reply gets sent back through iptables-box, instead of
directly to the client (this is very important!). The last one makes sure the
iptables-box will forward the appropriate packets to squid-box. It may not be
needed. YMMV. Note that we specified '-i eth0' and then '-o eth0', which
stands for input interface eth0 and output interface eth0. If your packets
are entering and leaving on different interfaces, you will need to adjust the
commands accordingly."
Here is the link I am reading it from:
http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-6.html
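As an added example that is not part of this reply or of the HOWTO it quotes: the poster's POSTROUTING SNAT rule only covers the outbound half of a 1:1 NAT; the inbound half is a PREROUTING DNAT of the same kind the HOWTO uses for squid-box, and the NAT box must also answer ARP for the outside address. The script below assumes the poster's layout (eth0 outside, eth1 inside, 172.16.31.110 free on the eth0 segment), the kernel 2.4 state match, and an iproute2 `ip` binary; the function name, the port list and the IPT/IP dry-run variables are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): 1:1 ("full") NAT for one inside host.
# Run as root. Set IPT=echo IP=echo to only print the commands (dry run).
IPT=${IPT:-iptables}
IP=${IP:-ip}

setup_one_to_one_nat() {
    inside=$1      # inside host, e.g. 192.168.0.10
    outside=$2     # public address it should appear as, e.g. 172.16.31.110
    out_if=$3      # outside interface, e.g. eth0
    in_if=$4       # inside interface, e.g. eth1
    ports=$5       # space-separated TCP ports to expose, e.g. "22 80"

    # The NAT box must answer ARP for the outside address, so add it as an
    # extra address on the outside interface (assumption: iproute2 present).
    "$IP" addr add "$outside/32" dev "$out_if"

    # Outbound: rewrite the inside host's source address (the poster's rule).
    "$IPT" -t nat -A POSTROUTING -s "$inside" -o "$out_if" \
        -j SNAT --to-source "$outside"

    # Inbound: rewrite packets arriving for the outside address to the inside
    # host. This is the half that SNAT/masquerading alone never provides.
    "$IPT" -t nat -A PREROUTING -d "$outside" -i "$out_if" \
        -j DNAT --to-destination "$inside"

    # Forwarding policy: a 1:1 DNAT would otherwise expose every port of the
    # inside host, so allow only replies to established flows plus the listed
    # ports, and drop everything else coming in for that host.
    "$IPT" -A FORWARD -i "$out_if" -o "$in_if" -d "$inside" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $ports; do
        "$IPT" -A FORWARD -i "$out_if" -o "$in_if" -d "$inside" \
            -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    "$IPT" -A FORWARD -i "$out_if" -o "$in_if" -d "$inside" -j DROP

    # The inside host may initiate connections outward freely.
    "$IPT" -A FORWARD -i "$in_if" -o "$out_if" -s "$inside" -j ACCEPT
}
```

Check the generated rules first with `IPT=echo IP=echo` before running them on the box.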
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora