September 22, 2014, 04:14:07 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Internet Sharing in Linux / NAT How to  (Read 82549 times)

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #15 on: August 27, 2004, 11:19:11 AM »
Yes..
by this method ie NAT you can do all you want !

Offline tomamodi

  • Linux Learner
  • ***
  • Posts: 78
Re: Internet Sharing in Linux / NAT How to
« Reply #16 on: October 10, 2004, 04:45:55 AM »
[
First make a file named 'rc.nat' and put the following script in it.
Code: [Select]


iptables=/sbin/iptables


iptables --flush -t nat


1)iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
2)iptables --append FORWARD --in-interface eth0 -j ACCEPT
3)echo 1 > /proc/sys/net/ipv4/ip_forward


dear ricky
is this neccessery to put the above lines in same or  (2-3)in one line

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #17 on: October 12, 2004, 08:24:47 AM »
line one is for for telling that which interface to be althered ie for actuall net connection for the that is ppp0 ... line to is to  accept connection for eth0 ie lan and line three is to enable packet routing..

so all are required !

Offline ziajee

  • Linux Noob !
  • *
  • Posts: 4
Block Messenger
« Reply #18 on: January 03, 2005, 02:31:46 PM »
hi
i also wanted for transparent proxy...
and it helps me out and solved my problam....

pls can you help me again for blocking msn messenger and yahoo messenger ..
and many porn sites..with this iptables...

thankx again...

Rgds

Aasim Zia

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #19 on: January 04, 2005, 09:16:36 AM »
Well, if you look few last post of this forum then you will find the solution for your problem. :)

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Regarding Transparent Proxy
« Reply #20 on: January 18, 2005, 08:25:07 AM »
Dear Ricky
Thanks for your tutorial for transparent proxy, I have one question regarding this topic, I have installed squid 2.5 on Redhat linux 9.0 (rpm package), is this necessary for installing net filter for transparent proxy, if yes how I installed net filter on red hat linux 9.0 (is there any rpm package avilable for net filter?)

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #21 on: January 18, 2005, 03:50:04 PM »
netfilter.. are you talking about iptables,
well for transparent proxy (it if you don't want to configure browsers) you need netfilter's Iptables installed and they are now in every std. linux distro.

For simple proxy ie using it by configuring every clien'ts browser then no need of it at all.

You can download. search "iptables rpm download" in any search engine.

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Regarding Trasparenet Proxy
« Reply #22 on: January 19, 2005, 09:20:24 AM »
Dear Friend
As written by I have try to configure transparent proxy with my linux box, but unfortunately it's won't work. I am using red hat linux 9.0 with iptables (already loaded with linux ). If I specify my server ip and port no 3128 on my windows client then it's working fine. Can u tell me what is the proble. I have tried several times. pls help

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Transparenet Proxy
« Reply #23 on: January 19, 2005, 10:12:10 AM »
I am using 2 ethernet cards, eth0 for Lan and eth1 for DSL connection (PPP0).

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #24 on: January 19, 2005, 01:09:00 PM »
You have to check if iptables rules given here and in Transparent proxy tutorials are applied in right way.

to check if routing is fine..
Code: [Select]
cat  /proc/sys/net/ipv4/ip_forward if that give output = 1 then you are fine.

In your client you have to give gateway as ip of the linux box and DNS server as your ISP's DNS server IP. or you can give the ip same as your gateway but depends on other criteria so better give only DNS server ip of your ISP.

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Transparenet Proxy
« Reply #25 on: January 20, 2005, 07:55:51 AM »
Dear Ricky
Sorry to disturb u, but my problem remains same, I wont start my transparent proxy , as told by u the given code cat  /proc/sys/net/ipv4/ip_forward  returns 1, someone tell me the following solution, pls tell me is this correct ?

Without httpd running on your squid-box you need this line in your iptables-script:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

If you have a httpd running on your squid box, these are the lines you need to insert into your iptables-script:

iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -s ppp0 --dport 80 -j REDIRECT --to-port 3128

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Transparenet Proxy
« Reply #26 on: January 20, 2005, 09:59:30 AM »
As told by u the command cat  /proc/sys/net/ipv4/ip_forward  return 1

Some body told me the following suggesstion , is this correct?


Without httpd running on your squid-box you need this line in your iptables-script:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

If you have a httpd running on your squid box, these are the lines you need to insert into your iptables-script:

iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -s ppp0 --dport 80 -j REDIRECT --to-port 3128

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Transparenet Proxy
« Reply #27 on: January 20, 2005, 10:00:10 AM »
As told by u the command cat  /proc/sys/net/ipv4/ip_forward  return 1

Some body told me the following suggesstion , is this correct?


Without httpd running on your squid-box you need this line in your iptables-script:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

If you have a httpd running on your squid box, these are the lines you need to insert into your iptables-script:

iptables -t nat -A PREROUTING -p tcp -d localhost --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d / --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -s ppp0 --dport 80 -j REDIRECT --to-port 3128

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Internet Sharing in Linux / NAT How to
« Reply #28 on: January 20, 2005, 11:27:13 AM »
you are running httpd on it ? you never told me ! well from my point of view never run trasparent proxy and httpd on same.. when you try that line as mine will cause error.

Offline rana28

  • Linux Noob !
  • *
  • Posts: 26
Trasnparent Proxy
« Reply #29 on: January 20, 2005, 11:50:46 AM »
I don't know whether I am running httpd or not , I try following command for testing , pls suggest what should I do
#ps ax| grep httpd
5535 pts/0 S 0:00 grep httpd

#ps ax|grep squid
3501  ?   S 0:00 squid -D
3503  ?   S 2:31 <squid> -D
5619  pts/0  S 0:00 grep squid

#iptables -L -n -t nat
Chain PREROUTING <policy ACCEPT>
target        prot  opt  source            destination
REDIRECT  all     --   0.0.0.0/0       0.0.0.0  tcp dpt:80 redir ports 3128

Chain PREROUTING <policy ACCEPT>
target             prot  opt  source            destination
MASQUERADE  all   ---   0.0.0.0/0          0.0.0.0

Chain PREROUTING <policy ACCEPT>
target        prot  opt  source            destination