LINUX.IE, website of the Irish Linux Users' Group
[ILUG] really being specific with iptables.

Pawel Bogucki pawel.bogucki at gmail.com
Thu Jan 10 09:31:49 GMT 2008


On Jan 9, 2008 8:24 PM, Darragh <lists at digitaldarragh.com> wrote:
> Thanks for your response.
>
> On Wed, January 9, 2008 9:00 am, Pawel Bogucki wrote:
>
> > forward only internal addresses to squid excluding request with server
> > address
> >
> > iptables -A PREROUTING -t nat -p tcp -i $INTERNAL_INTERFACE -d
> > !$SERVER_ADDRESS --dport 80 -j DNAT --to-destination
> > $SERVER_ADDRESS:3028
> >
> > something like that
> >
> >
> > --
> > Pawel Bogucki
>
> I read the iptables man page today again.  It's a very good document I
> have to say but there are a few things that are not clear.  For a start,
> --src-range does not seem to be recognised by iptables. It says invalid
> argument.
>
> Here is a rule that I've created to only allow one ip to access the server
> from port 80.   I'd rather let all public IP's access it but the src range
> didn't work and neither did source !xxxx so for testing I decided to give
> this a try.
>
> Here are the commands I've tried to use with no success.  I still don't
> seem to get access.
>
> tcpdump -nn port 80 does show that a connection is definitely reaching the
> server though.
>
> iptables -A PREROUTING -t nat -p tcp -s !192.168.2.0/24 -dport 80 -j
> REDIRECT --to-ports 80
>
> I also tried a variation first as follows:
>
> iptables -A PREROUTING -t nat -p tcp -s xxx.xxx.xxx.xxx -dport 80 -j
> REDIRECT --to-ports 80
> obviously the x's can be replaced by the actual IP.
>
> finally I also tried --src-range as follows:
> iptables -A PREROUTING -t nat -p tcp --source-range
> 192.168.2.0-192.168.2.254 -dport 80 -j
> REDIRECT --to-ports 80
>
> The second command does not return an error at the command line; however,
> the first and the third are not accepted at all.  Interestingly, when I
> use -s !192.168.2.0/24 I get a very strange error about trying to cat
> squid.conf.  When I press up arrow to re-enter the command I see
> that it's actually putting in a command at the start of the IP address
> that I typed days ago.
> I've a feeling it's some kind of very strange bug.
>
> Can anyone indicate where I'm going wrong with these commands?
>
  $IPT -t nat -A PREROUTING -i $INTIF -p tcp -s $i -j DNAT --to $INTIP:3128 --dport 80 -d ! 192.168.16.10

This is the exact line I was using in my previous work,
so the problem seems to be that I missed a space between ! and
$SERVER_ADDRESS in my previous post.

Here are the variables:

#path to iptables
IPT='/sbin/iptables'
#internal interface
INTIF='eth0'
#internal address of the server
INTIP='192.168.16.10'

'i' was read from the file which contained allowed IP addresses and
the command was run in a loop.
I think you can use your network in here: 192.168.2.0/24



-- 
Pawel Bogucki
Skype: pbogu_
JabberID: pawel.bogucki at gmail.com
GSM: +353 85 8184879
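The loop Pawel describes above, written out as an added example (not code from the thread or from either poster): it reads allowed source addresses from a file and emits one PREROUTING DNAT rule per entry, sending port-80 traffic arriving on the internal interface to squid on port 3128 while skipping requests whose destination is the proxy host itself. The variable names follow the post; SQUID_PORT and the RUN variable are assumptions made here so the script prints the rules instead of needing root. Negation is written `! -d`, the form current iptables accepts, where the post's line uses the older `-d ! addr`. Matching on `-i $INTIF` together with the `! -d` exclusion is what keeps the redirect limited to LAN clients and stops the proxy's own outbound requests being looped back into it.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the transparent-proxy
# DNAT rules described in the post from a file of allowed source addresses.
# Assumptions (constructed for this example): SQUID_PORT is 3128 and RUN
# defaults to "echo", so the rules are printed rather than applied.
set -e

IPT='/sbin/iptables'        # path to iptables
INTIF='eth0'                # internal interface
INTIP='192.168.16.10'       # internal address of the proxy server
SQUID_PORT='3128'           # port squid listens on (assumption)
RUN="${RUN-echo}"           # set RUN="" in the environment to apply for real

# Emit one DNAT rule for a single source (host address or CIDR network).
# "! -d $INTIP" excludes traffic addressed to the proxy host itself, so a
# request from squid's own machine is never redirected back into squid.
redirect_rule() {
    src="$1"
    $RUN "$IPT" -t nat -A PREROUTING -i "$INTIF" -p tcp -s "$src" \
        ! -d "$INTIP" --dport 80 -j DNAT --to-destination "$INTIP:$SQUID_PORT"
}

# Read allowed sources from a file, one per line; blank lines and lines
# starting with '#' are ignored. A missing trailing newline is tolerated.
redirect_rules_from_file() {
    file="$1"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        redirect_rule "$line"
    done < "$file"
}

# Sanity check helper: how many DNAT rules a given file would produce.
count_rules_from_file() {
    redirect_rules_from_file "$1" | grep -c -- '-j DNAT'
}

# Constructed sample input: the questioner's LAN plus one extra host.
ALLOWED=$(mktemp)
cat > "$ALLOWED" <<'EOF'
# allowed sources (sample data for this example)
192.168.2.0/24
192.168.16.20
EOF

redirect_rules_from_file "$ALLOWED"
rm -f "$ALLOWED"
```

Run it as-is to see the two rules it would add; run it with RUN set to an empty string as root to apply them. Either way, `iptables -t nat -L PREROUTING -n --line-numbers` afterwards shows exactly what landed in the chain, which is the check worth doing before trusting a transparent redirect.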


