Remote Proxy

This topic contains 3 replies, has 0 voices, and was last updated by  code789 6 years, 2 months ago.

  • #42614

    code789
    Member

    Hi,
    I am in a bit of a fix trying to set up IPTABLES with the Beta 13 version.

    Topology:

    Zeroshell Beta 13 running as Virtual Machine on VMware Workstation
    Eth0: Outward facing NIC (192.168.10.x/24)
    ETH1: Inward facing NIC (192.168.0.x/24)

    Physical server:
    NIC 0: Connect to ISP
    NIC1: Connected to 192.168.0.x/24 network

    ISP


    NIC0(VM ETH0)


    VM ETH 1 (NIC1) —- Client

    I am trying to redirect all my client connections to a remote proxy IP, just to test connections.

    iptables -t nat -I PREROUTING -p tcp -d 110.136.184.96 --destination-port 80 -j DNAT --to-destination 192.168.10.116:80

    iptables -t nat -I POSTROUTING -p tcp --dst 192.168.10.116 --dport 80 -j SNAT --to-source 110.136.184.96

    At the same time under NAT I have added out-facing ETH0 as NAT (Many:1).


    Problem: When my ETH 0 is in NAT-enabled mode, I can browse the network from my client, but my connection is not being directed to a remote IP address.
    I know I am doing something stupid. Any ideas?

    Thnx!

    #51019

    ppalias
    Member

    Maybe the masquerade rule is favored more than the other POSTROUTING rule. What is the output of

    iptables -L -v
    iptables -t nat -L -v
    #51020

    code789
    Member

    root@zeroshell root> cat /tmp/test1
    Chain INPUT (policy ACCEPT 9775 packets, 895K bytes)
    pkts bytes target prot opt in out source destination
    31035 3054K SYS_INPUT all — any any anywhere anywhere
    8 1436 SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:http
    4735 577K SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:https
    0 0 SYS_SSH tcp — any any anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT 36969 packets, 20M bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http
    0 0 ACCEPT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http

    Chain OUTPUT (policy ACCEPT 6052 packets, 1881K bytes)
    pkts bytes target prot opt in out source destination
    22612 3142K SYS_OUTPUT all — any any anywhere anywhere

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all — lo any anywhere anywhere
    4743 579K ACCEPT all — any any anywhere anywhere

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    13262 1013K ACCEPT all — lo any anywhere anywhere
    1073 229K ACCEPT udp — any any anywhere anywhere udp spt:domain state ESTABLISHED
    173 186K ACCEPT tcp — any any anywhere anywhere tcp spt:http state ESTABLISHED
    0 0 ACCEPT tcp — any any anywhere anywhere tcp spt:8245 state ESTABLISHED
    2009 153K ACCEPT udp — any any anywhere anywhere udp spt:ntp state ESTABLISHED
    14518 1474K RETURN all — any any anywhere anywhere

    Chain SYS_OUTPUT (1 references)
    pkts bytes target prot opt in out source destination
    13262 1013K ACCEPT all — any lo anywhere anywhere
    1097 83695 ACCEPT udp — any any anywhere anywhere udp dpt:domain
    174 10810 ACCEPT tcp — any any anywhere anywhere tcp dpt:http
    0 0 ACCEPT tcp — any any anywhere anywhere tcp dpt:8245
    2027 154K ACCEPT udp — any any anywhere anywhere udp dpt:ntp
    6052 1881K RETURN all — any any anywhere anywhere

    Chain SYS_SSH (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all — lo any anywhere anywhere
    0 0 ACCEPT all — any any anywhere anywhere
    _________________________________________________________

    root@zeroshell root> iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 3470 packets, 266K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT all — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id to:192.168.0.2
    0 0 DNAT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.116:80
    0 0 DNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
    0 0 DNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
    0 0 DNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
    0 0 DNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
    0 0 DNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96:80
    0 0 DNAT all — eth0 any anywhere 1.1.1.1 to:192.168.0.5
    942 45216 Proxy tcp — any any anywhere anywhere tcp dpt:http

    Chain POSTROUTING (policy ACCEPT 2865 packets, 201K bytes)
    pkts bytes target prot opt in out source destination
    0 0 SNAT all — any any anywhere 192.168.0.2 to:110.136.184.96
    0 0 SNAT tcp — any any anywhere 192.168.10.116 tcp dpt:http to:110.136.184.96
    0 0 SNAT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
    0 0 SNAT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
    0 0 SNAT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
    0 0 SNAT tcp — any any anywhere 96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.1
    0 0 SNAT all — any eth0 192.168.0.5 anywhere to:1.1.1.1
    7663 559K SNATVS all — any any anywhere anywhere
    3588 261K MASQUERADE all — any ETH00 anywhere anywhere

    Chain OUTPUT (policy ACCEPT 5735 packets, 417K bytes)
    pkts bytes target prot opt in out source destination

    Chain Proxy (1 references)
    pkts bytes target prot opt in out source destination

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    #51021

    ppalias
    Member

    I don’t see any packets matched by the rules you have applied. Make sure that you have tried with a test machine to access http://110.136.184.96
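
The counter check described in the reply above, as an added example that is not part of the original thread: it reads `iptables -L -v` output and marks every rule whose packet counter is still 0, numbered by position in its chain. The function names are hypothetical, and the sample listing is trimmed from the output posted earlier in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise per-rule packet counters
# from `iptables -t nat -L -v` output so rules that never matched stand out.
# Output format: CHAIN RULE_NUMBER TARGET PKTS IDLE|HIT

nat_counters() {
    awk '
        # "Chain NAME (...)" starts a new chain: restart rule numbering.
        $1 == "Chain"           { chain = $2; n = 0; next }
        # Skip the column header and blank lines.
        $1 == "pkts" || NF == 0 { next }
        # Rule lines start with the packet counter (e.g. 0, 942, 45K).
        $1 ~ /^[0-9]+[KMG]?$/   {
            n++
            state = ($1 == "0") ? "IDLE" : "HIT"
            printf "%s %d %s %s %s\n", chain, n, $3, $1, state
        }
    '
}

# Only the rules that have never matched a packet.
idle_rules() {
    nat_counters | awk '$5 == "IDLE"'
}

# Sample input, trimmed from the nat table listing posted in this thread.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 3470 packets, 266K bytes)
 pkts bytes target     prot opt in   out   source     destination
    0     0 DNAT       tcp  --  any  any   anywhere   96.subnet110-136-184.speedy.telkom.net.id tcp dpt:http to:192.168.10.116:80
  942 45216 Proxy      tcp  --  any  any   anywhere   anywhere    tcp dpt:http

Chain POSTROUTING (policy ACCEPT 2865 packets, 201K bytes)
 pkts bytes target     prot opt in   out   source     destination
    0     0 SNAT       tcp  --  any  any   anywhere   192.168.10.116  tcp dpt:http to:110.136.184.96
 7663  559K SNATVS     all  --  any  any   anywhere   anywhere
 3588  261K MASQUERADE all  --  any  ETH00 anywhere   anywhere
EOF
}

# On the router itself: iptables -t nat -L -v -n | nat_counters
# (-n prints numeric addresses instead of reverse-DNS names).
sample_listing | nat_counters
```

In the sample the DNAT and SNAT rules are reported as IDLE while Proxy, SNATVS and MASQUERADE are HIT, which is the situation the reply points out: the added rules sit ahead of MASQUERADE in the chain but no packet has matched them.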

    #51022

    zeeshan
    Member

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    13262 1013K ACCEPT all — lo any anywhere anywhere
    1073 229K ACCEPT udp — any any anywhere anywhere udp spt:domain state ESTABLISHED
    173 186K ACCEPT tcp — any any anywhere anywhere tcp spt:http state ESTABLISHED
    0 0 ACCEPT tcp — any any anywhere anywhere tcp spt:8245 state ESTABLISHED
    2009 153K ACCEPT udp — any any anywhere anywhere udp spt:ntp state ESTABLISHED
    14518 1474K RETURN all — any any anywhere anywhere

