Mihai Marusca wrote:
> Coming back to the original problem (which I didn't understand very well),
> I'll describe my own setup; maybe it helps someone.
>
> Proxy: (eth0, routable IP), eth1: 192.168.0.3/24;
> Router: (eth0 routable IP), eth1: 192.168.0.254/24, eth2: 192.168.1.254/24
> Clients: 192.168.0.0/24, 192.168.1.0/24
>
> The relevant section of the NAT script looks roughly like this:
>
> #######################
>
> # dnat http packets to our proxy
> iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/23 -d ! 192.168.0.0/23 --dport 80 -j DNAT --to-destination 192.168.0.3:3128
>
> # fix transparent proxy for 192.168.0.0/24
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.3 -j SNAT --to-source 192.168.0.254
>
> #######################
>
> The first rule "changes" (replaces) the destination of HTTP requests with
> my proxy's IP. At this point the 192.168.1.0/24 network is already happy.
>
> The second rule introduces a "fix" for the 192.168.0.0/24 network, without
> which packets would return from the proxy to the client without first
> passing through the router, which would leave the client very confused
> (since that is not the IP it connected to).
>
> No mark, no ip route. Oh, and no http_accel* and friends. But, as they
> say, YMMV.
>
> References:
> http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-6.html
> http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc-10.html
>

it works :)) Thank you a lot :)

--
************************************************************
* Cezar Atanasiu * [EMAIL PROTECTED]
* SC 1A SCS * http://www.1a.ro
* Grivitei 4 Street * voice: (041) 660459
* Contanta, 8700, * fax: (041) 660079
* Romania
************************************************************
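The return-path problem described in the quoted message, modelled as an added example that is not part of the original thread: it applies the two quoted NAT rules to a request and reports which source address the client sees on the reply. The client addresses, the web-server address 203.0.113.5, the source port and the function names are constructed for illustration, and the proxy is assumed to reach 192.168.1.0/24 through the router.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post; client and web-server addresses are constructed samples.
LAN = ip_network("192.168.0.0/23")        # both client networks
PROXY_NET = ip_network("192.168.0.0/24")  # segment shared by proxy and router eth1
PROXY = (ip_address("192.168.0.3"), 3128)
ROUTER = ip_address("192.168.0.254")

def router_forward(src, dst, snat_fix):
    """Apply the PREROUTING DNAT rule and, if enabled, the POSTROUTING SNAT rule."""
    (sip, sport), (dip, dport) = src, dst
    if sip in LAN and dip not in LAN and dport == 80:
        dst = PROXY                               # DNAT --to-destination
    if snat_fix and sip in PROXY_NET and dst[0] == PROXY[0]:
        src = (ROUTER, sport)                     # SNAT --to-source
    return src, dst

def reply_seen_by_client(client, server, snat_fix):
    """Return the source (ip, port) of the reply as it arrives at the client."""
    orig_src = (ip_address(client), 40000)        # constructed source port
    orig_dst = (ip_address(server), 80)
    nat_src, nat_dst = router_forward(orig_src, orig_dst, snat_fix)
    reply_src, reply_dst = nat_dst, nat_src       # proxy answers the packet it saw
    # The proxy delivers on-link when the reply target is a host on its own
    # segment other than the router; the router's NAT state never sees it.
    bypasses_router = reply_dst[0] in PROXY_NET and reply_dst[0] != ROUTER
    if bypasses_router:
        return reply_src                          # un-NATed: proxy address and port
    return orig_dst                               # router reverses DNAT (and SNAT)

def connection_works(client, server, snat_fix):
    """The client only accepts replies from the address it connected to."""
    return reply_seen_by_client(client, server, snat_fix) == (ip_address(server), 80)

if __name__ == "__main__":
    for client in ("192.168.1.10", "192.168.0.10"):
        for fix in (False, True):
            print(client, "snat_fix =", fix, "->",
                  connection_works(client, "203.0.113.5", fix))
```

With the SNAT rule in place the proxy sees every 192.168.0.0/24 client as 192.168.0.254, so per-client access logs and ACLs on the proxy no longer distinguish hosts on that segment.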
