> yip that sounds correct do you have an example for me ? of how to forward
> from my internal nic to the gateway nic ?
>
> Thanks a stack
> >> Hi.
> >>
> >> Please can someone advise how to setup squid to transparently proxy ssl
> >> ports, it's currently proxying http with no problem..
> >>
> >> Many thanks
> >> Gregory Machin
> >>
> >
> > It sounds like what you need is masquerading or possibly port forwarding. I
> > manage a squid proxy for my company but no other connections are proxied.
> > Instead we use a machine as an internet gateway and use masquerading to
> > route SSH connections off the local private subnet to the internet. Many
> > organizations do this. One way to do this is with iptables. Let me know if
> > you'd like some examples.
> >
> >

<|>/\\/|<|>
Hmm. Looks like some lines were wrapped in my last post. Here's the script again as an attachment.

<|>/\\/|<|>

#!/bin/bash

IPTABLES=/usr/sbin/iptables
MODPROBE=/sbin/modprobe
LOCALNET=10.0.0.0/8
INT=eth0   # Name of the internal lan side network card
EXT=eth1   # Name of the external internet side network card

$MODPROBE ipt_MASQUERADE
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_nat_ftp

# Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# This clears existing rules and sets default policies
# These policies assume you have a firewall between the gateway and the internet
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

# Masquerading rules
$IPTABLES -A FORWARD -i $EXT -o $INT -d $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INT -o $EXT -s $LOCALNET -j ACCEPT

# Perform actual masquerading in postrouting
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
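
An added example, not part of the thread or the attached script: a shell function that audits `iptables-save` output for the properties the masquerading script depends on (FORWARD policy DROP, inbound forwarding limited to ESTABLISHED,RELATED, MASQUERADE bound to the external interface). The function name, the finding codes and both sample rule dumps are constructed for illustration.

```bash
# Added example, not from the thread: audit iptables-save text for the
# properties the masquerading script depends on. Names and samples are constructed.
# Usage: audit_gateway INT EXT < iptables-save-output
# Prints one finding code per line; returns 0 only when there are no findings.
audit_gateway() {
  awk -v int_if="$1" -v ext_if="$2" '
    /^\*/ { table = substr($0, 2) }                 # table header: *filter, *nat
    table == "filter" && /^:FORWARD / { fwd = $2 }  # chain default policies
    table == "filter" && /^:INPUT /   { inp = $2 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
      inbound  = index($0, " -i " ext_if " ") && index($0, " -o " int_if " ")
      stateful = ($0 ~ /--(state|ctstate) /) && ($0 !~ /NEW/)
      if (inbound && !stateful) print "INBOUND_NOT_STATEFUL"
    }
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
      masq = 1
      if (!index($0, " -o " ext_if " ")) print "MASQ_NOT_BOUND_TO_EXT"
    }
    END {
      if (fwd != "DROP")   print "FORWARD_POLICY_NOT_DROP"
      if (inp == "ACCEPT") print "INPUT_POLICY_ACCEPT"  # needs the upstream firewall
      if (!masq)           print "NO_MASQUERADE_RULE"
    }' | sort -u | grep . && return 1
  return 0
}

# Constructed sample: relevant iptables-save lines after the posted script ran.
AS_POSTED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -d 10.0.0.0/8 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -i eth0 -o eth1 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# Constructed sample: the same gateway after careless edits.
LOOSE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -j MASQUERADE
COMMIT'

echo "as posted:"; printf '%s\n' "$AS_POSTED" | audit_gateway eth0 eth1 || true
echo "loosened:";  printf '%s\n' "$LOOSE" | audit_gateway eth0 eth1 || true
```

On a live gateway the input would come from `iptables-save | audit_gateway eth0 eth1`. The rules as posted report only INPUT_POLICY_ACCEPT, which is the policy the script's own comment says assumes a firewall between the gateway and the internet.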