[TriLUG] iptables question
mark at thefowles.com
mark at thefowles.com
Thu Nov 10 14:37:51 EST 2005
All -
I have a gateway/router setup to route all outbound web traffic back
through Dansguardian and Squid, (for proxy/content filtering) - then out
to the internet if they pass the test --
Here's the primary rule.........
echo "Proxy Adjustment being made."
iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.10.12 -p tcp --dport 80
-j DNAT --to 192.168.10.12:88
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -d 192.168.10.12
-j SNAT --to 192.168.10.1
iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.10.12 -i eth1 -o eth1 -p
tcp --dport 88 -j ACCEPT
I need to have 6 ip's in the 10.x range be excluded from filtering and
allowed out. What would be the rule I'd use? Would I have to add all the
IP's that are to be blocked and just not include the ones I need to bypass
the proxy?
TIA,
Mark
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the TriLUG
mailing list