On Tue, 20 Jul 2010 20:43:52 -0700 (PDT) nseritti <[email protected]> wrote:
> Hi,
>
> I seem to be having trouble setting up an iptables proxy
>
> My network looks like this:
>
> Target system:
>
> 10.152.3.56:8443
>
> Internal System:
> eth0: 10.0.2.2
> eth1: 192.168.0.3
>
> eth0 is connected to 10.152.3.0/24 network via site to site VPN
>
> What I'm trying to do is allow users on the 192.168.0.0/24 network to
> point to 192.168.0.3:8443 and forward those requests to 10.152.3.56
> via eth0.
>
> My current ruleset allows me to access the target system via eth0,
> however applying a similar ruleset to eth1 does not work. Below is the
> script I'm currently running which works on if connecting from the
> local system to its eth0 address.
>
> #!/bin/sh
> # TCP Proxy using IPTables
>
> IPTABLES=/sbin/iptables
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # Flush nat table
> $IPTABLES -t nat -F
> $IPTABLES -F
>
> # tcpproxy
> $IPTABLES -t nat -A PREROUTING --dst 10.0.2.2 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
> $IPTABLES -t nat -A POSTROUTING --dst 10.152.3.56 -p tcp --dport 8443 -j SNAT --to-source 10.0.2.2
> $IPTABLES -t nat -A OUTPUT --dst 10.0.2.2 -p tcp --dport 8443 -j DNAT --to-destination 10.152.3.56:8443
>
> Any help would be appreciated.
>
> Thanks,
>
> Nick

We're missing some info. You're SNAT-ing to a physical ethernet adapter, when you should be SNAT-ing to the vpn net dev you didn't mention.

Post the output of these commands:

ifconfig
netstat -rn
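Added example, not from either poster: a script that generates the relay ruleset the reply describes, with the DNAT matching the eth1 address LAN clients actually connect to and the SNAT sourced from the VPN-side address rather than eth0. The VPN device name and its address were never posted, so VPN_IF and VPN_IP are placeholders to be replaced with the real values; the FORWARD rules are added so the relayed flow is the only forwarded traffic.

```shell
#!/bin/sh
# Relay 192.168.0.3:8443 (eth1) -> 10.152.3.56:8443 over the site-to-site VPN.
# gen_rules prints an iptables-restore ruleset; apply_rules loads it (needs root).
set -eu

LAN_IP="192.168.0.3"            # eth1, the address LAN clients point at
LAN_NET="192.168.0.0/24"
TARGET="10.152.3.56"
PORT="8443"
VPN_IF="${VPN_IF:-tun0}"        # ASSUMED placeholder: the VPN net device
VPN_IP="${VPN_IP:-10.152.3.250}" # ASSUMED placeholder: this host's address on it

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN clients connect to $LAN_IP:$PORT; rewrite the destination to the target
-A PREROUTING -s $LAN_NET -d $LAN_IP -p tcp --dport $PORT -j DNAT --to-destination $TARGET:$PORT
# Replies must return over the VPN, so source the forwarded packets from the
# VPN-side address, not eth0 (-o $VPN_IF -j MASQUERADE would pick it automatically)
-A POSTROUTING -d $TARGET -p tcp --dport $PORT -o $VPN_IF -j SNAT --to-source $VPN_IP
COMMIT
*filter
:FORWARD DROP [0:0]
# Forward only the relayed flow and its return traffic; everything else is dropped
-A FORWARD -s $LAN_NET -d $TARGET -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

apply_rules() {
    # Like the original script this replaces the nat and filter tables wholesale
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;   # default: print the ruleset for review
esac
```

Run it without arguments to inspect the generated rules, then `VPN_IF=... VPN_IP=... ./relay.sh apply` as root once the real VPN device and address from ifconfig are known.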
