www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
Remote Proxy

code789 (Joined: 30 Aug 2010, Posts: 2)
Posted: Mon Aug 30, 2010 4:07 am    Post subject: Remote Proxy

Hi,
I am in a bit of a fix trying to set up IPTABLES with the Beta 13 version.

Topology:

Zeroshell Beta 13 running as Virtual Machine on VMware Workstation
Eth0: Outward facing NIC (192.168.10.x/24)
ETH1: Inward facing NIC (192.168.0.x/24)

Physical server:
NIC 0: Connect to ISP
NIC1: Connected to 192.168.0.x/24 network

ISP ------ NIC0(VM ETH0) ----- VM ETH 1 (NIC1) ---- Client

I am trying to redirect all my client connections to a remote proxy IP, just to test connections.

iptables -t nat -I PREROUTING -p tcp -d 110.136.184.96 --destination-port 80 -j DNAT --to-destination 192.168.10.116:80

iptables -t nat -I POSTROUTING -p tcp --dst 192.168.10.116 --dport 80 -j SNAT --to-source 110.136.184.96

At the same time under NAT I have added out-facing ETH0 as NAT (Many:1).

-------------------------------------------------------------------------------------------------------------
Problem: When my ETH0 is in NAT-enabled mode, I can browse the network from my client, but my connection is not being directed to a remote IP address.
I know I am doing something stupid. Any ideas?

Thanks!

ppalias (Joined: 17 Dec 2008, Posts: 1151, Location: Athens, Greece)
Posted: Mon Aug 30, 2010 7:34 am

Maybe the masquerade rule is favored more than the other POSTROUTING rule. What is the output of
Code:
iptables -L -v
iptables -t nat -L -v

code789 (Joined: 30 Aug 2010, Posts: 2)
Posted: Mon Aug 30, 2010 11:29 am

root@zeroshell root> cat /tmp/test1
Chain INPUT (policy ACCEPT 9775 packets, 895K bytes)
pkts bytes target prot opt in out source destination
31035 3054K SYS_INPUT all -- any any anywhere anywhere
8 1436 SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:http
4735 577K SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:https
0 0 SYS_SSH tcp -- any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 36969 packets, 20M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http

Chain OUTPUT (policy ACCEPT 6052 packets, 1881K bytes)
pkts bytes target prot opt in out source destination
22612 3142K SYS_OUTPUT all -- any any anywhere anywhere

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
4743 579K ACCEPT all -- any any anywhere anywhere

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
13262 1013K ACCEPT all -- lo any anywhere anywhere
1073 229K ACCEPT udp -- any any anywhere anywhere udp spt:domain state ESTABLISHED
173 186K ACCEPT tcp -- any any anywhere anywhere tcp spt:http state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:8245 state ESTABLISHED
2009 153K ACCEPT udp -- any any anywhere anywhere udp spt:ntp state ESTABLISHED
14518 1474K RETURN all -- any any anywhere anywhere

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
13262 1013K ACCEPT all -- any lo anywhere anywhere
1097 83695 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
174 10810 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8245
2027 154K ACCEPT udp -- any any anywhere anywhere udp dpt:ntp
6052 1881K RETURN all -- any any anywhere anywhere

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere
_________________________________________________________

root@zeroshell root> iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 3470 packets, 266K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id to:192.168.0.2
0 0 DNAT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.116:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT all -- eth0 any anywhere 1.1.1.1 to:192.168.0.5
942 45216 Proxy tcp -- any any anywhere anywhere tcp dpt:http

Chain POSTROUTING (policy ACCEPT 2865 packets, 201K bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- any any anywhere 192.168.0.2 to:110.136.184.96
0 0 SNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96
0 0 SNAT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
0 0 SNAT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
0 0 SNAT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
0 0 SNAT tcp -- any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
0 0 SNAT all -- any eth0 192.168.0.5 anywhere to:1.1.1.1
7663 559K SNATVS all -- any any anywhere anywhere
3588 261K MASQUERADE all -- any ETH00 anywhere anywhere

Chain OUTPUT (policy ACCEPT 5735 packets, 417K bytes)
pkts bytes target prot opt in out source destination

Chain Proxy (1 references)
pkts bytes target prot opt in out source destination

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination

ppalias (Joined: 17 Dec 2008, Posts: 1151, Location: Athens, Greece)
Posted: Tue Aug 31, 2010 6:37 am

I don't see any packets matched by the rules you have applied. Make sure that you have tried with a test machine to access http://110.136.184.96
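
Added example (not part of the original posts): a small shell/awk check for the point made in the reply above, that none of the custom NAT rules has matched a packet. It reads `iptables -t nat -L -v` output and reports rules whose packet counter is 0 and rules duplicated within a chain; the function names and the abridged sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -t nat -L -v` output for rules that never
# matched (pkts == 0) and for identical rules repeated inside one chain.

# Constructed sample, abridged from the listing posted in this thread.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 3470 packets, 266K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
0 0 DNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
942 45216 Proxy tcp -- any any anywhere anywhere tcp dpt:http

Chain POSTROUTING (policy ACCEPT 2865 packets, 201K bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96
7663 559K SNATVS all -- any any anywhere anywhere
3588 261K MASQUERADE all -- any ETH00 anywhere anywhere
EOF
}

# Reads a listing on stdin and prints one finding per line:
#   ZERO <chain> <rule#> <target>   rule whose packet counter is 0
#   DUP  <chain> <rule#> <first#>   rule identical to an earlier rule <first#>
audit_nat() {
    awk '
    $1 == "Chain" { chain = $2; n = 0; split("", seen); next }  # new chain: reset state
    $1 == "pkts" || NF == 0 { next }                            # skip header and blank lines
    {
        n++
        spec = $0
        # Strip the pkts and bytes counters so only the rule itself is compared.
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", spec)
        if (spec in seen) print "DUP", chain, n, seen[spec]
        else seen[spec] = n
        if ($1 == "0") print "ZERO", chain, n, $3
    }'
}

# Stand-alone run on the constructed sample.
sample_nat_listing | audit_nat
```

On a live system the same function can be fed with `iptables -t nat -L -v -n | audit_nat` after generating test traffic, so that a rule still listed as ZERO is one the traffic never reached.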