Hello

On Sunday, 29 January 2006 19:45, hanasaki wrote:
> The goal is to have an internal webserver:
> - DONE - running on a high numbered port
> - DONE - firewall forwards 80->7777 on webserver
> - DONE - external hits on www.blah.com
>          served by the httpserver
> - ???? - internal/intranet also can hit
>          the webserver as www.blah.com
>
> The problem is that www.blah.com resolves to the external internet IP
> and then gets routed out of the firewall which does not come back in and
> get forwarded to the internal webserver. It would be ideal if internal
> web browser hits went straight to the internal server.
>
> What iptable rule can be put on the firewall so that internal port 80
> traffic going to the external NIC on port 80 comes back to the internal
> webserver on port 7777?

iptables -t nat -A PREROUTING -s $LOCAL_NETWORK -d $EXTERNAL_IP -p tcp --dport 80 -j DNAT --to-destination $LOCALIP:7777

> Is there a way to make squid get all hits to a specific address (the
> external) from a diff address (the internal)? I tried jares redirector
> but that changes the URL and the web server uses virtual hosts.

Sorry, I don't get that one. Google either for "reverse squid" or (another
topic) take a look at http://www.tldp.org/HOWTO/TransparentProxy.html
I guess you are referring to one of these issues, but I don't know exactly.

> I am using a squid proxy on host:proxyhttp:8080 that is not transparent
> (ie: needs the proxy manually configured in the web browsers). This is
> because transparent proxies don't work for ports other than 80, unless
> they are configured for each outgoing http port, which then always goes
> via squid and cannot be used for any other purpose.

You can also specify port ranges when using iptables... Furthermore you may
detect http-traffic on protocol level. Some iptables based p2p-block
approaches like p2pwall [1] use this technique.

> Ran into this when
> trying to hit a CPanel at a web hoster that was on some high numbered port.

Keep smiling
yanosz

[1] http://www.lowth.com/p2pwall/
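The DNAT rule from the reply, extended to the layout where the web server sits in the same subnet as the browsers (an added example, not part of the original message): there the server answers the client directly, the client sees a reply from an address it never contacted, and the connection fails unless the firewall also source-NATs the redirected traffic. The function names and all addresses are constructed for illustration, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) the iptables rules for NAT loopback.
# Function names and addresses are hypothetical sample values.

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1               # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {     # in_cidr ADDR NET/PREFIX -> exit status 0 if ADDR is inside
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

hairpin_rules() {   # hairpin_rules LAN_CIDR EXT_IP WEB_IP WEB_PORT FW_LAN_IP
    lan=$1; ext=$2; web=$3; port=$4; fw=$5
    # Rule from the reply: LAN clients addressing the external IP on port 80
    # are redirected to the internal server.
    echo "iptables -t nat -A PREROUTING -s $lan -d $ext -p tcp --dport 80 -j DNAT --to-destination $web:$port"
    # Same-subnet case: rewrite the source to the firewall's LAN address so
    # the server's replies return through the firewall and get un-NATed.
    if in_cidr "$web" "$lan"; then
        echo "iptables -t nat -A POSTROUTING -s $lan -d $web -p tcp --dport $port -j SNAT --to-source $fw"
    fi
}

# Constructed sample: LAN 192.168.1.0/24, web server inside that LAN.
hairpin_rules 192.168.1.0/24 203.0.113.10 192.168.1.20 7777 192.168.1.1
```

With the SNAT rule in place the web server logs the firewall's LAN address for internal visitors, so per-client access logs and IP-based access controls on the server no longer distinguish intranet hosts.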

