[sf-lug] iptables and multiple NAT network?
jturner at nonzerosums.org
Wed Aug 29 16:29:19 PDT 2007
Sketch of network in question,
Hello folks. It would probably be helpful to see the pic above. We
have a network server with two interfaces,
eth1(192.168.1) connects to a DSL modem/router
eth0(192.168.0) serves up dhcp and who knows what(in the future) to a
lab of edubuntu machines.
In an attempt to sanitize web results, we've tried to add DansGuardian
(http://dansguardian.org/) and web proxying to the mix. The attempt
made use of iptables on the server to redirect all web(or port 80)
outgoing traffic. Yes, 443 and others represent possible gaps in
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
Perhaps already obvious to some, long story short this does not
work. My memory may not be entirely correct here(so I hope others
chime in with any corrections/clarifications) but it seemed that
filtering WAS working. Trying to surf to DG-recognized "naughty"
places gave the correct block message. However, surfing to any place
else was also blocked too... with an HTTP error? (my memory fails
here) And I'm talking about surfing from the lab machines. Surfing
directly from the server seemed to work correctly.
*So, I'm seeking guidance about how to correctly set something like
this up in a network like the one outlined above.* Additional bits
about better ways to achieve the aim of filtering are appreciated
too. While children were the audience in mind, perhaps we should use
a more flexible configuration? BTW, the server is setup with default
gateway 192.168.1.254(DSL router).
Ladies, Gents. Please school me in this confusing art. Any help
More information about the sf-lug