Thread: iptables to forward traffic

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    14

    iptables to forward traffic

    hello...

    I have a router with multiple interfaces

    eth0 "internet"
    eth1 "10.2.2.1"
    eth2 "10.3.3.1"


    and I have a transparent proxy which is over the INTERNET

    and I want to forward all web traffic, either from eth1 or eth2, to the proxy server which is located on the internet

    I have these rules, which work for 1 subnet I guess:

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 10.2.2.1 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 ! -s proxyip -p tcp --dport 80 -j DNAT --to proxyip:8080
    iptables -t nat -A POSTROUTING -o eth1 -s 10.2.2.1/24 -d proxyip -j SNAT --to 10.2.2.1
    iptables -I FORWARD -s 10.2.2.1/24 -d proxyip -i eth1 -p tcp --dport 8080 -j ACCEPT


    But I don't want to put any IPs or subnets other than the proxyip in the rules.

    Is it possible?

    In other words:

    Can I use a rule to forward all web traffic going through eth0 to the proxyip, whatever the network subnet/range/IP is? Just forward all web traffic from eth0 to the proxy.

    You may wonder why... because I want to use these rules in a shell script to run on multiple routers with different IPs/ranges.

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    I may be off here, but I think it would make sense to just make the IPs variables. Then you can call the shell script with values for the variables. So something like this:

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d $1 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 ! -s proxyip -p tcp --dport 80 -j DNAT --to proxyip:8080
    iptables -t nat -A POSTROUTING -o eth1 -s $2 -d proxyip -j SNAT --to $1
    iptables -I FORWARD -s $2 -d proxyip -i eth1 -p tcp --dport 8080 -j ACCEPT

    and call like this
    sh nameofyourscript.sh 10.2.2.1 10.2.2.1/24
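
An added example, not part of either post: instead of passing the addresses as arguments, a script can read them from the router itself. The function below prints (without applying) the thread's four rules for every non-WAN interface found in `ip -o -4 addr show` output; the helper name `gen_rules`, the proxy address 198.51.100.7 and the sample interface listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output for the router in the thread.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 10.2.2.1/24 brd 10.2.2.255 scope global eth1\       valid_lft forever preferred_lft forever
4: eth2    inet 10.3.3.1/24 brd 10.3.3.255 scope global eth2\       valid_lft forever preferred_lft forever'

# gen_rules PROXY_IP WAN_IFACE  (hypothetical helper; reads the interface list on stdin)
# Prints one set of the thread's rules per LAN interface; nothing is applied.
gen_rules() {
    proxy=$1
    wan=$2
    # Refuse anything that is not digits and dots, so the value cannot
    # smuggle extra shell or iptables syntax into the generated commands.
    case $proxy in
        ''|*[!0-9.]*) echo "bad proxy address: $proxy" >&2; return 1 ;;
    esac
    awk -v proxy="$proxy" -v wan="$wan" '
        # Field 2 is the interface name, field 4 is address/prefix.
        $3 == "inet" && $2 != wan && $2 != "lo" {
            split($4, a, "/")
            ifc = $2; ip = a[1]; net = $4
            printf "iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -d %s -j ACCEPT\n", ifc, ip
            printf "iptables -t nat -A PREROUTING -i %s ! -s %s -p tcp --dport 80 -j DNAT --to %s:8080\n", ifc, proxy, proxy
            printf "iptables -t nat -A POSTROUTING -o %s -s %s -d %s -j SNAT --to %s\n", ifc, net, proxy, ip
            printf "iptables -I FORWARD -s %s -d %s -i %s -p tcp --dport 8080 -j ACCEPT\n", net, proxy, ifc
        }'
}

# Demo on the constructed sample; on a router: ip -o -4 addr show | gen_rules PROXY eth0
printf '%s\n' "$SAMPLE_ADDRS" | gen_rules 198.51.100.7 eth0
```

Review the printed rules before applying them; the same script then runs unchanged on routers with different LAN ranges.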
