On Sun, Mar 16, 2008 at 4:18 PM, Rachmat Hidayat Al Anshar
<rachmat_hidayat_03@yahoo.com> wrote:
>
> Hi Indunil :)
>
> First of all, thanks a zillion for your help before.
> I implemented your suggested rules, and
> it's working, my squid box became transparent ;-)
>
> Um, but there is another problem disturbing
> me here. Those rules work for HTTP traffic;
> in fact, I have to redirect FTP traffic also.
> Could you do me a favor and solve this?!?! Are
> there any added rules that I have to issue for
> this FTP traffic redirection, or what?

Squid is NOT an FTP proxy. If you use OpenBSD's PF, it has rules for an
FTP proxy, since ftp-proxy runs on localhost.
But in Linux, I do not know of such a thing. So you will have to add the
iptables rules below to access FTP sites from clients.
I assume your client network is 192.168.0.0/24 and the external IP is
1.2.3.4 (the IP that connects to the ISP router).

/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to-source 1.2.3.4

>
> I couldn't really understand these lines
> of rules:
>
> > iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

The above rule marks packets that are destined to port 80 with the value 3,
but before routing. That is why it says PREROUTING.

> > ip rule add fwmark 3 table 2

Then, those packets marked with the value 3 are added to a table called 2.
That's it.

-- 
Thank you
Indunil Jayasooriya

Received on Sun Mar 16 2008 - 20:55:55 MDT
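
The FTP forwarding rules from the reply above, as an added example that is not part of the original thread: a script that validates the client network, external IP and WAN interface, then prints the rule set for review without executing anything. It goes beyond the post by assuming a newer kernel, where the modules are named nf_conntrack_ftp and nf_nat_ftp and the FTP helper is attached explicitly with the CT target in the raw table, limited to the clients' port 21 connections; the eth0 default and the script name are also assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the commands for review;
# nothing is executed. Assumed: nf_* module names, CT target, eth0 default.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_cidr NET/PREFIX: IPv4 network with a prefix length of 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# ftp_nat_rules CLIENT_NET EXT_IP [WAN_IF]: emit one command per line.
ftp_nat_rules() {
    net=$1 ext=$2 wan=${3:-eth0}
    valid_cidr "$net" || { echo "bad client network: $net" >&2; return 1; }
    valid_ipv4 "$ext" || { echo "bad external IP: $ext" >&2; return 1; }
    case "$wan" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    # The raw-table rule attaches the FTP helper only to client -> port 21
    # connections, so RELATED data channels exist only for that traffic.
    cat <<EOF
modprobe -a nf_conntrack_ftp nf_nat_ftp
iptables -t raw -A PREROUTING -p tcp -s $net --dport 21 -j CT --helper ftp
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $net --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j SNAT --to-source $ext
EOF
}

# Run as: sh ftp_rules.sh 192.168.0.0/24 1.2.3.4 eth0
if [ "$#" -ge 2 ]; then ftp_nat_rules "$@"; fi
```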