Re: lug-bg: Local NAT to Proxy

[gf@email.domain.hidden (Georgi Chorbadzhiyski)]

Todor Belev wrote:
<em class="quotelev1">> Zdraveite,
<em class="quotelev1">> Opitvam se da si pusna Squid transparenten na Lokalnata mashina.
<em class="quotelev1">> Iskam s Iptables da redirektna kym lokalen port za da se keshira.
<em class="quotelev1">> No imam problemi:
<em class="quotelev1">> 1. Squida e konfiguriran za tansparent s pravilnite opcii i acl-i.
<em class="quotelev1">> 2. Probvam niakolko varianta Iptables bez nikakyv uspeh :
<em class="quotelev1">> iptables -t nat -A OUTPUT -d 0.0.0.0/0   -p tcp --dport 80 -j DNAT --to 127.0.0.1:8080
<em class="quotelev1">> Znachi ako opitam s PREROUTING ne se poluchava (logichno).

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080

Znachi testvah i go raboti, toest redirectva. OBACHE, shtom squida e
na sashtata mashina toi shte se opitva da otvori nova konekcia, kam
saita koito si mu kazal. Tyi kato tova shte stane na port 80 kernela
pak shte redirectne paketa i t.n. Mislia si che na mashnata na koeto
ti e proxy-to _za neia_ mai niama da mozhesh da nastroish prozrachno
proxy. Ponezhe niamam proxy naokolo tazi teoria ne sam ia probval no
zvuchi pravdopodno.

Podal hack mozhe da e da nakarash squida da izpolzva opredelen pool
localni portove za zaivkite primerno 10000-20000 i da napravish
rule-to neshto ot sorta:

iptables -t nat -A OUTPUT -p tcp --sport ! 10000:20000 \
   --dport 80 -j REDIRECT --to-port 8080

No localnite potrebilite koito iskash da proxirash shte mogat da
zaobikaliat proxyto.

<p>
-- 
Georgi Chorbadzhiyski
http://georgi.unixsol.org/
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================