Talk:NAT'ing firewall

From ArchWiki
Revision as of 20:09, 9 April 2010 by Thestinger (talk | contribs) (Custom Kernel: removing old talk about custom kernel for iptables support, etc)

iptables rules

I'm not sure if these also apply when using shorewall. This is based on the following assumptions:

  • iptables server is the gateway server
  • squid is listening on port 3128
  • local network connecting to the server is 192.168.0.0/23 and already has basic nat rules set up
  • iptables server is 192.168.1.7

It took me a while to realise that in addition to redirecting the traffic, the squid port needed to be opened before it would work:

echo " # open access to proxy - squid - port 3128"
$IPTABLES -A open -p tcp --syn --dport 3128 -j ACCEPT

echo " # Transparently forward http traffic to Squid"
$IPTABLES -t nat -A PREROUTING -i eth0 ! -d 192.168.1.7 -p tcp --dport 80 -j REDIRECT --to-port 3128
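
Why the extra ACCEPT rule is needed, as a small model added here (not part of the comment above or of the wiki's own code): REDIRECT in nat PREROUTING rewrites the destination to the gateway itself on port 3128, so the filter table then sees local input on 3128 rather than forwarded traffic on 80. It assumes eth0 holds 192.168.1.7 and that INPUT has policy DROP and jumps to the comment's `open` chain; 203.0.113.10 is a constructed destination.

```python
import ipaddress
from dataclasses import dataclass, replace

GATEWAY = ipaddress.ip_address("192.168.1.7")  # gateway address from the post
SQUID_PORT = 3128                              # squid port from the post

@dataclass(frozen=True)
class Packet:
    iface: str   # incoming interface
    dst: str     # destination address
    dport: int   # TCP destination port
    syn: bool = True  # only the initial SYN is modelled

def nat_prerouting(pkt):
    # -t nat -A PREROUTING -i eth0 ! -d 192.168.1.7 -p tcp --dport 80 -j REDIRECT --to-port 3128
    if pkt.iface == "eth0" and ipaddress.ip_address(pkt.dst) != GATEWAY and pkt.dport == 80:
        # REDIRECT rewrites the destination to the incoming interface's own
        # address (assumed here: eth0 holds 192.168.1.7) and the given port.
        return replace(pkt, dst=str(GATEWAY), dport=SQUID_PORT)
    return pkt

def filter_input(pkt, squid_port_open):
    # Assumed: INPUT has policy DROP and jumps to the post's "open" chain.
    # -A open -p tcp --syn --dport 3128 -j ACCEPT
    if squid_port_open and pkt.syn and pkt.dport == SQUID_PORT:
        return "ACCEPT"
    return "DROP"

def traverse(pkt, squid_port_open):
    """Return (chain, verdict, dport seen by the filter table)."""
    pkt = nat_prerouting(pkt)
    if ipaddress.ip_address(pkt.dst) == GATEWAY:
        # Locally delivered: filtered by INPUT, after the NAT rewrite.
        return ("INPUT", filter_input(pkt, squid_port_open), pkt.dport)
    return ("FORWARD", "not modelled", pkt.dport)

if __name__ == "__main__":
    web = Packet("eth0", "203.0.113.10", 80)  # constructed LAN-to-Internet request
    print(traverse(web, squid_port_open=False))
    print(traverse(web, squid_port_open=True))
    print(traverse(Packet("eth0", "192.168.1.7", 80), squid_port_open=True))
```

The last case shows the effect of `! -d 192.168.1.7`: a request to the gateway's own port 80 is not redirected, so the port 3128 rule does not cover it.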

Move ?

I know that it redirects to this page, but wouldn't it be clearer to move this page to "Router" and just state that it is accomplished by using a NAT'ing firewall? I would be willing to put in the work. --Arcanazar 11:53, 30 July 2009 (EDT)