Iptables redirect 0/0:80 -> 127.0.0.1:8080

[haneo]

I want to redirect all my outgoing connection on port 80 to my eth0 port 8080 (to squid)

I am using IPTABLES with simple line:

#/sbin/iptables -A OUTPUT -p tcp -d 0/0 --dport 80 -j DNAT --to 192.168.1.122:8080

But with :
#tail -f /var/log/squid/access.log
when i request

http://www.google.com/linux,

i get:
------------
1014027725.803 0 192.168.1.122 NONE/400 1062 GET / - NONE/- -
1014027725.803 3000 127.0.0.1 TCP_MISS/400 1096 GET

http://www.google.com/

- DIRECT/

http://www.google.com

text/html
-------------

And in my browser i see :
----------
The requested URL could not be retrieved
While trying to retrieve the URL: /
........
.......

Am i wrong else where ?
Can some one help ?
-------------

 

[ifincham]

Hi,

If you are running squid on the same box you can't redirect port 80 like that because squid itself needs to use that to talk to the internet. For clients to use squid, the normal way is to configure the browser in the proxies section to point to the IP address of the squid box and the port number on which squid is running (default 3128) . For example, Opera is at File -> Preferences -> Network -> Proxy Servers. You just type in the IP address and port :

192.168.1.122 8080 (if thats the port you are running squid on)

If you want to use iptables you would actually use the 'nat' chain -->

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.122:8080



Hope this helps

 

[haneo]

Thanks ifincham it's clear now.
But i have one idea, is it possible:
make an alias for eth0 =>eth0:0
can i force only squid on my pc to connect by using eth0:0 not eth0

Anyapps -> esquid
eth0/Port80 -> eth0:0/Port8080

and just adjuste the chaine listed above.
thanks

 

[ifincham]

Hi,

Yes that should work fine. On redhat, the easiest is to go into the /etc/sysconfig/network-scripts directory and copy 'ifcfg-eth0' as 'ifcfg-eth0:0' and then edit that latter file with the settings you want. That way the aliased interface will be started / stopped, etc., via the normal init scripts and its all very easy :

/etc/rc.d/init.d/network restart

Regards

 

[haneo]

Thanks ifincham for your answer ;-)

But what i still ignoring is who to force squid to connect to internet with eth0:0 interface and not eth0 ? to respect this shema:

Anyapps -> squid
eth0/Port80 -> eth0:0/Port8080

so squid will not be redirected to itself by this line

#/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.122:8080

If i can force squid to connect with eth0:0 and not by eth0 all the problem will be resolve


I will replace the iptables chaine by this :

#/sbin/iptables -t nat -A PREROUTING -p tcp -s (IP_OF_eth0) --dport 80 -j DNAT --to (IP_OF_eth0:0):8080

Thanks in advance ;-)

 

[ifincham]

Hi,

You should be able to set the following in squid.conf :

tcp_outgoing_address 10.0.0.1
udp_outgoing_address 10.0.0.1

(i.e. set to relevant IP address)

Obviously, you would need connectivity thru that aliased interface, i.e. the routing must work !

Regards