Re: lug-bg: Local NAT to Proxy

Subject: Re: lug-bg: Local NAT to Proxy
From: kal_pav@email.domain.hidden (Pavel Minev Penev)
Date: Sun, 15 Jun 2003 03:17:56 +0300
 
On Sun, Jun 15, 2003 at 12:46:19AM +0300, Georgi Chorbadzhiyski wrote:
> Todor Belev wrote:
> > Hello,
> > I am trying to run Squid as a transparent proxy on the local machine.
> > I want to use iptables to redirect to a local port so that traffic gets cached.
> > But I am having problems:
> > 1. Squid is configured for transparent mode with the right options and ACLs.
> > 2. I have tried several iptables variants without any success:
> > iptables -t nat -A OUTPUT -d 0.0.0.0/0   -p tcp --dport 80 -j DNAT --to 127.0.0.1:8080
> > So if I try with PREROUTING it does not work (logically).
>
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> So I tested it and it works, that is, it redirects. HOWEVER, since Squid is
> on the same machine, it will try to open a new connection to the
> site you told it about. Since that will happen on port 80, the kernel
> will redirect the packet again, and so on. I think that on the machine
> where your proxy runs, _for that machine itself_, you probably will not be
> able to set up a transparent proxy. Since I have no proxy around, I have not
> tried this theory, but it sounds plausible.
>
> A dirty hack could be to make Squid use a specific pool of
> local ports for its requests, for example 10000-20000, and to make
> the rule something like:
>
> iptables -t nat -A OUTPUT -p tcp --sport ! 10000:20000 \
>   --dport 80 -j REDIRECT --to-port 8080
>
> But the local users you want to proxy will be able to
> bypass the proxy.
Networking options  --->
        IP: Netfilter Configuration  --->
                Owner match support (EXPERIMENTAL)
    CONFIG_IP_NF_MATCH_OWNER:
    Packet owner matching allows you to match locally-generated packets
    based on who created them: the user, group, process or session.
    If you want to compile it as a module, say M here and read
    Documentation/modules.txt.  If unsure, say `N'.                              
-- 
Pav
                             ,.,
                           ,``:'',
Gain your human right of   {o ! o}  My GPG/PGP key is now available at
privacy: use cryptography! ] -+- [  x-hkp://search.keyserver.net:11371.
                            \ ! /
                             `-'
`shell$ gpg --keyserver x-hkp://search.keyserver.net:11371 --recv-key 164C028F`
http://www.againsttcpa.com/index.shtml
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
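
What the kernel option quoted in the reply makes possible, as an added example that is not part of the original message: exempt the proxy's own connections from the redirect by packet owner instead of by source port. The account name `squid` and the dry-run wrapper are assumptions; port 8080 comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): nat/OUTPUT rules for a transparent
# proxy running on the same host as its clients. The account name "squid"
# is an assumption; port 8080 comes from the thread. Needs the owner match
# (CONFIG_IP_NF_MATCH_OWNER) and a proxy that runs under its own account.

# Print the iptables commands, one per line, in the order they must be added.
build_rules() {
    proxy_user=$1
    proxy_port=$2

    # Both values end up on a root command line, so accept only a plain
    # account name and a port of at most five digits in 1..65535.
    case $proxy_user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $proxy_user" >&2; return 1 ;;
    esac
    case $proxy_port in
        ''|*[!0-9]*|??????*) echo "bad port: $proxy_port" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "bad port: $proxy_port" >&2; return 1
    fi

    # 1. Connections opened by the proxy account leave the chain untouched,
    #    so the proxy's own fetches to port 80 are not redirected back to it.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner $proxy_user -j RETURN"
    # 2. Port-80 connections from every other local process go to the proxy.
    #    Only processes running as $proxy_user can skip this rule.
    echo "iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
}

# Dry run by default; set APPLY=1 and run as root to install the rules.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

apply_rules squid 8080
```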