Re: lug-bg: Local NAT to Proxy
- Subject: Re: lug-bg: Local NAT to Proxy
- From: yavo@email.domain.hidden (Yavor Shahpasov)
- Date: Sun, 15 Jun 2003 16:19:01 +0300
http://www.tldp.org/HOWTO/mini/TransparentProxy.html
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-port 3128
<p>Tova bi trabvalo da bachka
<p>Yavor
----- Original Message -----
From: "Todor Belev" <todorin_at_abv.bg>
To: <lug-bg_at_linux-bulgaria.org>
Sent: Saturday, June 14, 2003 11:02 PM
Subject: lug-bg: Local NAT to Proxy
<p><em class="quotelev1">> Zdraveite,
<em class="quotelev1">> Opitvam se da si pusna Squid transparenten na Lokalnata mashina.
<em class="quotelev1">> Iskam s Iptables da redirektna kym lokalen port za da se keshira.
<em class="quotelev1">> No imam problemi:
<em class="quotelev1">> 1. Squida e konfiguriran za tansparent s pravilnite opcii i acl-i.
<em class="quotelev1">> 2. Probvam niakolko varianta Iptables bez nikakyv uspeh :
<em class="quotelev1">> iptables -t nat -A OUTPUT -d 0.0.0.0/0 -p tcp --dport 80 -j DNAT --to
127.0.0.1:8080
<em class="quotelev1">> Znachi ako opitam s PREROUTING ne se poluchava (logichno).
<em class="quotelev1">> S gornoto paketite zanimavat kym SQUIDA no se vryshta che sym DENT ot
proxy-to - mnogo stranno.Prinudih se da napisha http_access allow all i
vypreki vsichko bez uspeh.
<em class="quotelev1">> V kernela imam kompilirano
<em class="quotelev1">> NAT of local connection.
<em class="quotelev1">> V dokumentaciata na Ipfilter e pisano slednoto:
<em class="quotelev1">>
<em class="quotelev1">> he NAT code allows you to insert DNAT rules in the OUTPUT chain, but this
is not fully supported in 2.4 (it can be, but it requires a new
configuration option, some testing, and a fair bit of coding, so unless
someone contracts Rusty to write it, I wouldn't expect it soon).
<em class="quotelev1">>
<em class="quotelev1">> The current limitation is that you can only change the destination to the
local machine (e.g. `j DNAT --to 127.0.0.1'), not to any other machine,
otherwise the replies won't be translated correctly.
<em class="quotelev1">>
<em class="quotelev1">>
<em class="quotelev1">> Abe Vyobshte niakoi ima li opit s takyv tochno tip transparentno proxy,
govoria kogato trafika idva izrichno ot lokalnata mashina i trebe da se
nasochi kym proxy-to.
<em class="quotelev1">> Az ne uspiavam da go pusna...
<em class="quotelev1">>
<em class="quotelev1">> Todorin
<em class="quotelev1">>
<em class="quotelev1">> -----------------------------------------------------------------
<em class="quotelev1">> http://www.MURA.bg - Ãìóðíè ñå â èãðàòà!
<em class="quotelev1">>
============================================================================
<em class="quotelev1">> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1">> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora
<em class="quotelev1">> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1">>
============================================================================
<em class="quotelev1">>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|