Net Balancer


This topic contains 18 replies, has 0 voices, and was last updated by  Luigi10 9 years, 1 month ago.

Viewing 5 posts - 16 through 20 (of 20 total)
  • #50396

    ppalias
    Member

    Fulvio has added MRTG and SNMP support in ZS. You just have to install it as an external package and configure it to your needs.

    #50397

    Luigi10
    Member

    When I try to put in:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.150.1.3:8080

    iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.150.1.3:8080

    it doesn’t work. Any suggestions?

    #50398

    ppalias
    Member

    Do you have any hits on the iptables?
    Do the packets arrive on 10.150.1.3?
    Is the proxy on 10.150.1.3 working in transparent mode?

    #50399

    Luigi10
    Member

    I noticed that whenever I put a command into the shell, it doesn’t save during a reboot. I am not very familiar with Linux at all and would greatly appreciate any assistance in making my commands put into the shell get saved during a reboot. Also I am trying to forward proxy requests to a third-party filtering server. The ZeroShell box will be the default gateway on the network (10.150.1.1). I am trying to make it so that when a workstation sends traffic towards the default gateway destined for the internet on port 80 (and possibly 443 but haven’t decided yet) that ZeroShell will forward that traffic to the third-party web filter (in our case the IP address is 10.150.1.3 using port 8080) to be filtered and then sent to the internet. I also want to make sure that servers on the local LAN do not get filtered at all so there would have to be deny rules in place to let their traffic pass through the default gateway like normal. Can all of this be done through the web-based GUI or does it have to be done in the shell? I noticed a section in the GUI that mentioned prerouting and iptables but I am not familiar with iptable commands at all. I do have Cisco IOS experience, but not familiar with Linux at all. Thanks.

    #50400

    ppalias
    Member

    I don’t think you can do it with the web-gui.
    It would be better with the CLI and since you have experience with IOS it won’t be that difficult.
    The full tutorial for iptables can be found here.
    You must add a DNAT rule to match the dport 80 packets (and dport 443 if you want https) of the subnet or IP range that has the computers you want to intercept, that changes the destination IP to 10.150.1.3:8080. Normally if the proxy uses its source IP address on packets then you won’t need to do anything else. If it keeps the original IP address as source you also need to redirect the answers from the wan interface to the proxy server again.
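
The rule set outlined in the last post, as an added example that is not part of the thread: a POSIX shell function that prints the iptables commands for review instead of applying them, with server exemptions placed ahead of the redirect. The chain name `WEBFILTER`, the 10.150.1.0/24 subnet, the exempt server addresses and the same-subnet source NAT rule are assumptions, not details from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied until the output is piped to sh as root.
LAN_NET="10.150.1.0/24"   # assumption: LAN subnet inferred from the thread's addresses
PROXY_IP="10.150.1.3"     # filter address from the thread
PROXY_PORT="8080"         # filter port from the thread
CHAIN="WEBFILTER"         # hypothetical chain name

# Accept only dotted-quad IPv4 so nothing else can reach the generated commands.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_rules "PORTS" "EXEMPT_IPS": one iptables command per line on stdout.
build_rules() {
    for port in $1; do
        case "$port" in ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    done
    for ip in $2; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    # The filter's own outbound requests must bypass the redirect, or they loop.
    # Exempt servers return to normal routing the same way.
    for ip in $PROXY_IP $2; do
        echo "iptables -t nat -A $CHAIN -s $ip -j RETURN"
    done
    # Destinations inside the LAN (the gateway's own web interface included) stay untouched.
    echo "iptables -t nat -A $CHAIN -d $LAN_NET -j RETURN"
    echo "iptables -t nat -A $CHAIN -p tcp -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    for port in $1; do
        echo "iptables -t nat -A PREROUTING -s $LAN_NET -p tcp --dport $port -j $CHAIN"
    done
    # Assumption: filter and clients share a subnet. Without source NAT the filter
    # answers clients directly and they reject replies from an address they never
    # contacted. Cost: the filter sees the gateway as the source of every request.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j MASQUERADE"
}

# Constructed sample: port 80 only, two made-up exempt servers.
build_rules "80" "10.150.1.10 10.150.1.11"
```

Rules added this way live only in kernel memory, so the generated commands have to be re-run from whatever startup mechanism the gateway provides.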
