It is fairly easy - the redirect to squid is done in the PREROUTING chain and SNAT is done in POSTROUTING... so if it is port 80 it will get picked up first, otherwise it will be SNAT'ted in the POSTROUTING chain:

iptables -t nat -A PREROUTING -i $INTERNAL_INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o $INTERNET_INTERFACE -j SNAT --to-source $INTERNET_IP

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Atlas
Sent: Thursday, May 30, 2002 4:10 PM
To: [EMAIL PROTECTED]
Subject: Quick Question

Hello Everyone. I hope you all can help me, I'm sure you can (it seems like a pretty simple problem).

I am setting up a Squid proxy server to run in transparent mode. To do this, I need to forward all port 80 and 443 traffic to Squid's port, 3128. Additionally, I would like all other traffic on all other ports to forward on to the router.

I have found a script to forward port 80 to squid (note: eth1 is my internal interface, eth0 is external):

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

I assume I can run the same line for 443:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128

However, what can I use to forward EVERYTHING that is not port 80 out of the eth0 interface, to our router (192.168.0.2)?

I know it has something to do with --dport ! 80, but I can't figure it out.

Thanks for your help.

BTW, this is RedHat 72. if that makes any difference. Linux kernel 2.4.9-31.

-mike
______________________________________________
Mike Atlas 703.385.8362(v)
Senior System Engineer 703.385.3674(f)
Vista Innovation www.vistainnovation.com
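
A simplified model of the packet path the reply describes, added here as an illustration and not part of either message: it walks a packet through the reply's PREROUTING rule, the routing decision, and the POSTROUTING rule. The addresses, the client and server hosts, and the assumption that the default route leaves via the Internet interface are constructed for the example.

```python
# Simplified model of the nat-table path for a packet arriving on the internal
# interface: PREROUTING -> routing decision -> (local delivery | POSTROUTING).
# Interface names and addresses below are constructed sample values.
from dataclasses import dataclass, replace

INTERNAL_IF, INTERNET_IF = "eth1", "eth0"
INTERNAL_IP, INTERNET_IP = "192.168.1.1", "203.0.113.10"  # constructed

@dataclass(frozen=True)
class Packet:
    in_if: str
    proto: str
    src: str
    dst: str
    dport: int

def prerouting(pkt):
    # -i $INTERNAL_INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128
    if pkt.in_if == INTERNAL_IF and pkt.proto == "tcp" and pkt.dport == 80:
        # REDIRECT rewrites the destination to the incoming interface's address.
        return replace(pkt, dst=INTERNAL_IP, dport=3128)
    return pkt

def postrouting(pkt, out_if):
    # -o $INTERNET_INTERFACE -j SNAT --to-source $INTERNET_IP
    if out_if == INTERNET_IF:
        return replace(pkt, src=INTERNET_IP)
    return pkt

def traverse(pkt):
    """Return (verdict, packet) after the two nat rules from the reply."""
    pkt = prerouting(pkt)
    if pkt.dst in (INTERNAL_IP, INTERNET_IP):
        # Destination is now local: the packet is delivered to the proxy via
        # INPUT and never reaches POSTROUTING.
        return "local", pkt
    # Assumption: everything non-local is routed out the Internet interface.
    return "forwarded", postrouting(pkt, INTERNET_IF)

if __name__ == "__main__":
    for port in (80, 443, 25):
        p = Packet(INTERNAL_IF, "tcp", "192.168.1.50", "198.51.100.7", port)
        print(port, traverse(p))
```

With only the two rules from the reply, port 443 takes the same forwarded and SNAT'ted path as any other non-80 port.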
