Re: [Fwbuilder-discussion] Nat and Transparent Proxy on remote box
From: Jeremy T. B. <Jer...@un...> - 2003-04-15 15:19:14
Well, as I know Vadim is aware, I do have the nightly CVS builds available for testing... Being the Debian package maintainer for fwbuilder, having the nightly CVS builds helps to try and speed up the release uploads once there is a release and gives me more time to test it...

There is a build error I'm looking into now, as they have failed to build the past couple of nights (last build was 4/13)...

Jeremy

On Tue, Apr 15, 2003 at 05:09:51PM +1000, Shane Machon wrote:
> Vadim,
>
> You're right about it not working on 1.0.9 :) I'm using the Debian package from unstable and am not really in a position to go and get CVS builds, so I'll have to manually add this into the script and wait in anticipation for the new version to arrive :)
>
> Thanks for your help anyways.
>
> Cheers,
>
> Shane.
>
> -----Original Message-----
> From: Vadim Kurland [mailto:va...@vk...]
> Sent: Tuesday, 15 April 2003 4:44 PM
> To: Shane Machon
> Cc: fwb...@li...
> Subject: Re: [Fwbuilder-discussion] Nat and Transparent Proxy on remote box
>
> On Monday, April 14, 2003, at 06:06 PM, Shane Machon wrote:
>
> > Hello,
> >
> > I'm trying to use fwbuilder to accomplish transparent proxying of localnet web requests to another server on the local network.
> >
> > Referring to an excellent howto on doing this at http://en.tldp.org/HOWTO/mini/TransparentProxy.html, I need fwbuilder to handle the below lines (Taken straight from the howto)
> >
> > iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
> > iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
> > iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
> >
> > Now, I'm having difficulty with mainly the '!' switch, which basically states 'anything but' the entry 'squid-box' processes that NAT rule. How is this accomplished in fwbuilder? I've tried negate, but that doesn't seem to work.
>
> I don't have 1.0.9 around anymore to try with, so I tried with the latest nightly build (libfwbuilder 1.0.0-RC1 and fwbuilder 1.0.10-RC1). It does not seem to work right if I use negation in the OSrc in the NAT rule but I'll see if I can fix that. There is however a way to get what you want, and it is not too complex.
>
> First of all, the latest code (1.0.10) supports NAT rules that do dual translation, that is translate both source and destination. This is new, so don't try it with 1.0.9, it won't work.
>
> The screenshot of the NAT rules is attached to this message.