June 16, 2010 at 11:59 am #50396
Fulvio has added MRTG and SNMP support in ZS. You just have to install it as an external package and configure it to your needs.
June 18, 2010 at 7:50 pm #50397 Luigi10 Member
When I try to put in:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.150.1.3:8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.150.1.3:8080
it doesn’t work. Any suggestions?
June 18, 2010 at 9:37 pm #50398
Do you have any hits on the iptables?
Do the packets arrive on 10.150.1.3?
Is the proxy on 10.150.1.3 working in transparent mode?
June 22, 2010 at 1:45 pm #50399 Luigi10 Member
I noticed that whenever I put a command into the shell, it doesn’t save during a reboot. I am not very familiar with Linux at all and would greatly appreciate any assistance in making the commands I put into the shell get saved during a reboot. Also, I am trying to forward proxy requests to a third-party filtering server. The ZeroShell box will be the default gateway on the network (10.150.1.1). I am trying to make it so that when a workstation sends traffic towards the default gateway destined for the internet on port 80 (and possibly 443, but I haven’t decided yet), ZeroShell will forward that traffic to the third-party web filter (in our case the IP address is 10.150.1.3 using port 8080) to be filtered and then sent to the internet. I also want to make sure that servers on the local LAN do not get filtered at all, so there would have to be deny rules in place to let their traffic pass through the default gateway like normal. Can all of this be done through the web-based GUI or does it have to be done in the shell? I noticed a section in the GUI that mentioned prerouting and iptables, but I am not familiar with iptables commands at all. I do have Cisco IOS experience, but I am not familiar with Linux at all. Thanks.
June 22, 2010 at 9:36 pm #50400
I don’t think you can do it with the web-gui.
It would be better with the CLI and since you have experience with IOS it won’t be that difficult.
The full tutorial for iptables can be found here.
You must add a DNAT rule to match the dport 80 packets (and dport 443 if you want https) of the subnet or IP range that has the computers you want to intercept, that changes the destination IP to 10.150.1.3:8080. Normally if the proxy uses its source IP address on packets then you won’t need to do anything else. If it keeps the original IP address as source you also need to redirect the answers from the wan interface to the proxy server again.
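The rule set described in the last reply, as an added example that is not part of the original thread: it prints the iptables commands rather than applying them, and the interface name, the /24 mask and the exempt server addresses are assumptions. The SNAT rule is included because the filter sits on the same subnet as the workstations, so its replies would otherwise go straight to the client and bypass the gateway.

```shell
#!/bin/sh
# Added example: prints (does not apply) nat rules for the setup in this thread.
# 10.150.1.1 and 10.150.1.3:8080 come from the thread; everything else is assumed.
LAN_IF="${LAN_IF:-eth0}"                     # assumed LAN interface name
LAN_NET="${LAN_NET:-10.150.1.0/24}"          # assumed netmask for the LAN
GW_IP="${GW_IP:-10.150.1.1}"                 # ZeroShell box (default gateway)
PROXY_IP="${PROXY_IP:-10.150.1.3}"           # third-party web filter
PROXY_PORT="${PROXY_PORT:-8080}"
PORTS="${PORTS:-80}"                         # add 443 only if the filter handles intercepted TLS
EXEMPT="${EXEMPT:-10.150.1.10 10.150.1.11}"  # constructed addresses of unfiltered servers

proxy_rules() {
    for port in $PORTS; do
        # The filter's own outbound requests must skip the DNAT rule,
        # otherwise they are redirected back to the filter in a loop.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $PROXY_IP -p tcp --dport $port -j ACCEPT"
        # Servers that must not be filtered: ACCEPT in the nat table ends
        # traversal of this chain, so the DNAT rule below never sees them.
        for host in $EXEMPT; do
            echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $host -p tcp --dport $port -j ACCEPT"
        done
        # Everything else from the LAN heading off-LAN goes to the filter.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_NET -p tcp --dport $port -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    done
    # Filter and clients share a subnet: rewrite the source so the filter
    # answers the gateway, which then un-NATs the reply for the client.
    # Side effect: the filter logs every client as $GW_IP.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $GW_IP"
}

# Review the output first; order matters (exemptions before DNAT).
proxy_rules
```

After applying the rules, `iptables -t nat -L -n -v` shows per-rule packet counters, which answers the "do you have any hits" question asked earlier in the thread.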