--- On Wed, 8/4/09, Shantanu Goel <[email protected]> wrote:

From: Shantanu Goel <[email protected]>
Subject: [ilugd] iptables + selective proxying of connections
To: "The Linux-Delhi mailing list" <[email protected]>
Date: Wednesday, 8 April, 2009, 1:16 AM

Hi,

I need some help on iptables if anyone knows about it here. I have a Linux-based router and 3 machines (A, B, C) that connect to it to access the internet. I need to selectively route a couple of these machines through proxy server(s) while keeping the 3rd machine's connection untouched.

I am guessing that I should be able to find an answer through iptables. Please let me know if someone has done something like this before. The router has most Linux commands and tools available on it.

-----------------------------------------------------------------------------------------------------------------

Yes, the magic of squid and iptables will come into play here. The following might not be a complete solution but is sure enough to get you started. (I implemented this solution a few years back and hence will need to recall exactly what I did, but this setup worked for sure!)

# "$iptables" in the rules below expands to this; set it to the full path of the binary if needed
iptables=iptables

# allow forwarded port 80 traffic arriving on eth0
$iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
# send port 80 requests addressed to the router on to the proxy server
$iptables -t nat -A PREROUTING -i eth0 -p tcp -d your.router.ip.here --dport 80 -j DNAT --to-destination your.proxy.server.ip:80

# routing all port 80 requests from specific internal IP addresses to 3128 (squid proxy server)

# This will route ALL requests to SQUID
# (use either this rule or the per-host rules below: the first matching rule wins)
$iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

# The following will route only the specific traffic to SQUID; the rest of the traffic will go DIRECT to the internet
$iptables -t nat -A PREROUTING -s 192.168.1.101 -p tcp --dport 80 -j REDIRECT --to-port 3128
$iptables -t nat -A PREROUTING -s 192.168.1.102 -p tcp --dport 80 -j REDIRECT --to-port 3128
$iptables -t nat -A PREROUTING -s 192.168.1.103 -p tcp --dport 80 -j REDIRECT --to-port 3128
$iptables -t nat -A PREROUTING -s 192.168.1.104 -p tcp --dport 80 -j REDIRECT --to-port 3128
$iptables -t nat -A PREROUTING -s 192.168.1.105 -p tcp --dport 80 -j REDIRECT --to-port 3128

------------------------------------------------------------------------------------

--
amit
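
The per-host approach from the reply above, as an added example that is not part of the original mails: a dry-run generator that validates each address and keeps the REDIRECT rules in their own chain, so unlisted machines are never proxied. The interface eth0 and port 3128 come from the thread; the chain name PROXY_HOSTS and Squid running on the router itself in interception mode are assumptions.

```shell
#!/bin/sh
# Added example: print nat rules that send only selected LAN hosts to Squid.
# Assumptions: LAN interface eth0, Squid on this router listening on 3128 in
# interception mode, and a hypothetical user chain called PROXY_HOSTS.
LAN_IF="eth0"
SQUID_PORT="3128"
CHAIN="PROXY_HOSTS"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Rejecting everything else keeps shell metacharacters out of the output.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for the hosts given as arguments (nothing is applied).
# Only port 80 is intercepted; hosts not listed fall through and go direct.
gen_rules() {
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "invalid address: $host" >&2; return 1; }
    done
    # Create the chain, or flush it if it already exists from an earlier run.
    echo "iptables -t nat -N $CHAIN 2>/dev/null || iptables -t nat -F $CHAIN"
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j $CHAIN"
    for host in "$@"; do
        # REDIRECT --to-ports needs -p tcp on the same rule.
        echo "iptables -t nat -A $CHAIN -s $host -p tcp -j REDIRECT --to-ports $SQUID_PORT"
    done
}

# Sample run with two of the addresses used in the thread.
gen_rules 192.168.1.101 192.168.1.102
```

Review the printed commands, then pipe them to `sh` as root to apply them. Running it a second time appends another jump rule to PREROUTING, so remove the old jump first when changing the host list.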
