Fred Stluka on 7 Jun 2013 15:03:46 -0700



Re: [PLUG] Setting up a proxy via iptables?...


PLUG folks,

I got it working.  Yes, it really is just 3 lines in iptables to set up
a proxy server.

Thanks to Michel van der List for reminding me that my server at
AWS has different internal and external IP addresses on the Amazon
LAN.

My only problem in telling iptables of the server to re-route traffic
was that I was telling it to watch for the external IP address, which
it never sees, instead of the internal IP address.

Now fixed!  Thanks, Michel!

--Fred
------------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 6/7/13 5:57 PM, Fred Stluka wrote:
Thanks for the thought, Kevin.  I had a more serious problem
(now fixed), but I'll keep this in mind if I ever make a change
and it seems to be caching the old behavior.

--Fred

On 6/6/13 6:47 PM, Kevin McAllister wrote:
On Jun 6, 2013, at 6:19 PM, Fred Stluka <fred@bristle.com> wrote:

PLUG folks,

Do any of you have experience with setting up a proxy via
iptables?  Should be just 3 simple iptables commands, but I
tried and couldn't make it work.
[...]

I didn't have a chance to read all your notes, but I had a similar problem recently. Basically, once iptables makes a decision doing NAT and creates a connection in its conntrack, it won't go to the PRE and POST routing rules again to make that decision unless the connection goes away. The way I've gotten around this on CentOS is to simply do /sbin/service iptables save; /sbin/service iptables restart

But be cautious, I won't be there to help when you take the network down. I'm already scheduled to do some network takedown myself tonight.

There may be a less abrupt way to do it. And I might have gotten some of the details wrong, but your situation sounded similar to mine. Hopefully Julien doesn't see this and cringe too much :-)




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug