Re: [Fwbuilder-discussion] Nat and Transparent Proxy on remote box
From: Vadim K. <va...@vk...> - 2003-04-15 06:44:12
On Monday, April 14, 2003, at 06:06 PM, Shane Machon wrote:

> Hello,
>
> I'm trying to use fwbuilder to accomplish transparent proxying of
> localnet web requests to another server on the local network.
>
> Referring to an excellent howto on doing this at
> http://en.tldp.org/HOWTO/mini/TransparentProxy.html, I need fwbuilder
> to handle the below lines (Taken straight from the howto)
>
> iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
> iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
> iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
>
> Now, I'm having difficulty with mainly the '!' switch, which basically
> states 'anything but' the entry 'squid-box' processes that NAT rule.
> How is this accomplished in fwbuilder? I've tried negate, but that
> doesn't seem to work.
>

I don't have 1.0.9 around anymore to try with, so I tried with the latest nightly build (libfwbuilder 1.0.0-RC1 and fwbuilder 1.0.10-RC1). It does not seem to work right if I use negation in the OSrc in the NAT rule, but I'll see if I can fix that.

There is, however, a way to get what you want, and it is not too complex. First of all, the latest code (1.0.10) supports NAT rules that do dual translation, that is, translate both source and destination. This is new, so don't try it with 1.0.9, it won't work.

The screenshot of the NAT rules is attached to this message.