[Sussex] A clever work around? (IP Tables and Firewalls)

Alan F alan at slug.greenmeads.co.uk
Tue Oct 5 15:41:17 UTC 2004


On Tue, Oct 05, 2004 at 10:47:50AM +0100, Matthew Macdonald-Wallace wrote:
> 
> Is there any whay ofd adding a rule to IP Tables or dnsMasq so that all
> web traffic(http and https) has the proxy added to it at the desktop,
> removing the need for the proxy variable on the latop?
>
These are the ones I use on my network, replace 10.0.0.2 with the IP
of your university proxy, and 8080 with its port.

/sbin/iptables -t nat -A PREROUTING -i eth0 -s ! 10.0.0.2 -p tcp --dport 80 -j DNAT --to 10.0.0.2:8080
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -d 10.0.0.2 -j SNAT --to 10.0.0.2
/sbin/iptables -A FORWARD -s 10.0.0.0/24 -d 10.0.0.2 -i eth0 -o eth0 -p tcp --dport 8080 -j ACCEPT

Hope this helps,
Alan





More information about the Sussex mailing list