[TriLUG] iptables question

mark at thefowles.com
Thu Nov 10 14:37:51 EST 2005


All -

I have a gateway/router set up to route all outbound web traffic back
through Dansguardian and Squid (for proxy/content filtering), then out
to the internet if they pass the test.

Here's the primary rule:
echo "Proxy Adjustment being made."
iptables -t nat -A PREROUTING -i eth1 ! -s 192.168.10.12 -p tcp --dport 80 \
    -j DNAT --to 192.168.10.12:88
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -d 192.168.10.12 \
    -j SNAT --to 192.168.10.1
iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.12 -i eth1 -o eth1 \
    -p tcp --dport 88 -j ACCEPT


I need to have 6 IPs in the 10.x range be excluded from filtering and
allowed out.  What would be the rule I'd use? Would I have to add all the
IPs that are to be blocked and just not include the ones I need to bypass
the proxy?

TIA,
Mark
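
An added example, not part of the original post: one way to exempt a short list of hosts is to put an ACCEPT rule for each of them in nat PREROUTING ahead of the DNAT rule, since the chain is evaluated top-down. The exempt addresses below are constructed placeholders, and the sketch assumes the rest of the gateway ruleset already forwards and NATs LAN traffic to the internet.

```shell
#!/bin/sh
# Added example: prints the post's rules with proxy exemptions placed first.
# Interface, subnet, proxy and gateway come from the post; exempt IPs are made up.
LAN_IF=eth1
LAN_NET=192.168.10.0/24
PROXY=192.168.10.12
PROXY_PORT=88
GATEWAY=192.168.10.1

# Accept only 192.168.10.1-254 in plain decimal, and never the proxy itself.
valid_exempt() {
    case "$1" in
        192.168.10.*) host=${1#192.168.10.} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ] && [ "$1" != "$PROXY" ]
}

# Print iptables commands. Every address is validated before anything is
# emitted, so a typo cannot leave a half-built ruleset behind.
proxy_rules() {
    for ip in "$@"; do
        valid_exempt "$ip" || { echo "bad exempt address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $ip -p tcp --dport 80 -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $LAN_IF ! -s $PROXY -p tcp --dport 80 -j DNAT --to-destination $PROXY:$PROXY_PORT"
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY -j SNAT --to-source $GATEWAY"
    echo "iptables -A FORWARD -s $LAN_NET -d $PROXY -i $LAN_IF -o $LAN_IF -p tcp --dport $PROXY_PORT -j ACCEPT"
}

# Constructed exempt hosts; this only prints the commands and changes nothing.
proxy_rules 192.168.10.21 192.168.10.22
```

An exemption keyed on source address trusts whatever address a host claims, so it is worth pairing with static DHCP leases or a `-m mac --mac-source` match on the exempt rules.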


