Hi

Is it possible with Shorewall 2.0.17 to create a "Proxy" on one IP?

WAN => official IP
Linux Shorewall gateway (eth0 on WAN and eth1 on LAN)
Destination server on the LAN with a 192.168.1.100 IP

I am searching for a "proxy" so that a packet sent to the local server by the gateway
carries the IP of the gateway for the answer (the LAN server doesn't have a
0.0.0.0/0 route for the gateway server. If the packet has an Internet IP as
source, it can't answer)

Thanks for your help

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Noc Phibee wrote:
> Hi
>
> Is it possible with Shorewall 2.0.17 to create a "Proxy" on one IP?
>
> WAN => official IP
> Linux Shorewall gateway (eth0 on WAN and eth1 on LAN)
> Destination server on the LAN with a 192.168.1.100 IP
>
> I am searching for a "proxy" so that a packet sent to the local server by the gateway
> carries the IP of the gateway for the answer (the LAN server doesn't have a
> 0.0.0.0/0 route for the gateway server. If the packet has an Internet IP as
> source, it can't answer)

Check the last post I made in the thread with subject "please help with DNAT
setting". I described how you can use an entry in /etc/shorewall/masq to work
around this type of problem.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Noc Phibee wrote:
>
>> Hi
>>
>> Is it possible with Shorewall 2.0.17 to create a "Proxy" on one IP?
>>
>> WAN => official IP
>> Linux Shorewall gateway (eth0 on WAN and eth1 on LAN)
>> Destination server on the LAN with a 192.168.1.100 IP
>>
>> I am searching for a "proxy" so that a packet sent to the local server by the gateway
>> carries the IP of the gateway for the answer (the LAN server doesn't have a
>> 0.0.0.0/0 route for the gateway server. If the packet has an Internet IP as
>> source, it can't answer)
>
> Check the last post I made in the thread with subject "please help with DNAT
> setting". I described how you can use an entry in /etc/shorewall/masq to work
> around this type of problem.
>
> -Tom

Hi

Thanks Tom, it's:

======================================================================
b) Use an SNAT rule so that all traffic forwarded by the DNAT rule appears
to the server to come from the Shorewall box. This of course makes the
access and error logs on the server worthless since you can't tell where
the traffic really came from.

In /etc/shorewall/masq:

<local iface>:192.168.111.247 0.0.0.0/0 <local IP> tcp 80
======================================================================

My WAN eth0 on my Linux box is 83.41.12X.XX
My LAN eth1 on my Linux box is 192.168.1.254
My local server is in 192.168.1.200
The protocols are 80 and 443

I put in /etc/shorewall/masq:

eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80

Is it correct?

83.41.12X.XX is the IP of my Linux box; I have 10 other IPs in 83.41.12X ...
can I put a special 83.41.12X. for this process?

Thanks for your help Tom

Noc Phibee wrote:
>
> My WAN eth0 on my Linux box is 83.41.12X.XX
> My LAN eth1 on my Linux box is 192.168.1.254
> My local server is in 192.168.1.200
> The protocols are 80 and 443
>
> I put in /etc/shorewall/masq:
>
> eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
> eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
>
> Is it correct?

No.

eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 80
eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 443

-Tom

Tom Eastep wrote:
> Noc Phibee wrote:
>
>> My WAN eth0 on my Linux box is 83.41.12X.XX
>> My LAN eth1 on my Linux box is 192.168.1.254
>> My local server is in 192.168.1.200
>> The protocols are 80 and 443
>>
>> I put in /etc/shorewall/masq:
>>
>> eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
>> eth1:192.168.1.200 0.0.0.0/0 83.41.12X.XX tcp 80
>>
>> Is it correct?
>
> No.
>
> eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 80
> eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 443
>
> -Tom

Ok, and in rules, I put a classic DNAT?

Noc Phibee wrote:
> Tom Eastep wrote:
>>> Is it correct?
>>
>> No.
>>
>> eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 80
>> eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 443
>>
>> -Tom
>
> Ok, and in rules, I put a classic DNAT?

Yes.

-Tom
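
Added example, not part of the original thread and not Shorewall code: a small Python check that parses masq entries in the layout used above and flags an SNAT address that is not on the server's LAN and a forwarded port that has no entry. The /24 LAN mask, the function names and 203.0.113.10 (a stand-in for the masked WAN address) are assumptions.

```python
import ipaddress

def parse_masq(line):
    """Parse one masq entry in the layout used in the thread:
    <iface>:<dest host>  <source net>  <SNAT address>  <proto>  <port>"""
    fields = line.split()
    if len(fields) != 5 or ":" not in fields[0]:
        raise ValueError(f"unexpected masq entry: {line!r}")
    iface, dest = fields[0].split(":", 1)
    return {"iface": iface,
            "dest": ipaddress.ip_address(dest),
            "source": ipaddress.ip_network(fields[1]),
            "snat": ipaddress.ip_address(fields[2]),
            "proto": fields[3], "port": fields[4]}

def check_masq(lines, lan_net, wanted):
    """Return a list of problems; an empty list means the entries are consistent.
    wanted is the set of (proto, port) pairs forwarded by the DNAT rules."""
    lan = ipaddress.ip_network(lan_net)
    problems, seen = [], set()
    for number, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        entry = parse_masq(line)
        if entry["snat"] not in lan:
            problems.append(f"line {number}: SNAT address {entry['snat']} is outside {lan}, "
                            f"so {entry['dest']} still needs a route back to it")
        service = (entry["proto"], entry["port"])
        if service in seen:
            problems.append(f"line {number}: duplicate entry for {service[0]}/{service[1]}")
        seen.add(service)
    for proto, port in sorted(wanted - seen):
        problems.append(f"no SNAT entry for {proto}/{port}")
    return problems

# Constructed input: 203.0.113.10 stands in for the masked WAN address.
ASKED = ["eth1:192.168.1.200 0.0.0.0/0 203.0.113.10 tcp 80",
         "eth1:192.168.1.200 0.0.0.0/0 203.0.113.10 tcp 80"]
# The entries given in the reply.
ANSWER = ["eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 80",
          "eth1:192.168.1.200 0.0.0.0/0 192.168.1.254 tcp 443"]
WANTED = {("tcp", "80"), ("tcp", "443")}   # assumed to match the DNAT rules

if __name__ == "__main__":
    for name, entries in (("asked", ASKED), ("answer", ANSWER)):
        print(name, check_masq(entries, "192.168.1.0/24", WANTED) or "ok")
```

As the quoted text in the thread notes, with these entries in place the server's access and error logs show only 192.168.1.254 as the client, so source-address logging has to happen on the gateway.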