
Several problems with SNAT and transproxy



Dear debians,

I have a gateway with 8 IPs, 202.46.80.178 - 202.46.80.185.
My eth0 is 202.46.80.178, loaded from /etc/network/interfaces,
and the others are eth0:0, eth0:1, eth0:2, etc.
Oh, and my eth1 is at 192.168.1.1.
My kernel is: Linux toutatis 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 GNU/Linux
My loaded iptables modules are:
Module                  Size  Used by    Not tainted
ipt_REDIRECT             736   0  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_REJECT              2816   5  (autoclean)
iptable_nat            12660   1  (autoclean) [ipt_REDIRECT ipt_MASQUERADE]
ip_conntrack           12684   1  (autoclean) [ipt_REDIRECT ipt_MASQUERADE iptable_nat]
iptable_filter          1728   1  (autoclean)
ip_tables              10432   7  [ipt_REDIRECT ipt_MASQUERADE ipt_REJECT iptable_nat iptable_filter]

My client wants different IPs for his groups of PCs:
4 or 5 internal IPs use 1 external IP.

Hmm... and squid is running on port 3128.

This is my iptables.sh, loaded from /etc/init.d/iptables.sh.
It was linked with update-rc.d -f iptables.sh defaults, to activate it on boot.

-----------------------------------------------------------------------
#!/bin/bash
#iptables.sh (obenk@toutatis.karet.org)
#ifconfig rules
IFCONFIG="/sbin/ifconfig"
$IFCONFIG eth0:0 202.46.80.179 netmask 255.255.255.240
$IFCONFIG eth0:1 202.46.80.180 netmask 255.255.255.240
$IFCONFIG eth0:2 202.46.80.181 netmask 255.255.255.240
$IFCONFIG eth0:3 202.46.80.182 netmask 255.255.255.240
$IFCONFIG eth0:4 202.46.80.183 netmask 255.255.255.240
$IFCONFIG eth0:5 202.46.80.184 netmask 255.255.255.240
$IFCONFIG eth0:6 202.46.80.185 netmask 255.255.255.240

IPTABLES="/sbin/iptables"
#iptables rules
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -F -t nat
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT


#client wants different IPs for some reasons
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.2 -o eth0+ -j SNAT --to 202.46.80.179
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.3 -o eth0+ -j SNAT --to 202.46.80.179
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.4 -o eth0+ -j SNAT --to 202.46.80.179
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.5 -o eth0+ -j SNAT --to 202.46.80.179
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.6 -o eth0+ -j SNAT --to 202.46.80.180
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.7 -o eth0+ -j SNAT --to 202.46.80.180
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.8 -o eth0+ -j SNAT --to 202.46.80.180
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.9 -o eth0+ -j SNAT --to 202.46.80.180
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.10 -o eth0+ -j SNAT --to 202.46.80.181
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.11 -o eth0+ -j SNAT --to 202.46.80.181
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.12 -o eth0+ -j SNAT --to 202.46.80.181
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.13 -o eth0+ -j SNAT --to 202.46.80.181
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.14 -o eth0+ -j SNAT --to 202.46.80.182
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.15 -o eth0+ -j SNAT --to 202.46.80.182
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.16 -o eth0+ -j SNAT --to 202.46.80.182
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.17 -o eth0+ -j SNAT --to 202.46.80.182
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.18 -o eth0+ -j SNAT --to 202.46.80.183
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.19 -o eth0+ -j SNAT --to 202.46.80.183
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.20 -o eth0+ -j SNAT --to 202.46.80.183
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.21 -o eth0+ -j SNAT --to 202.46.80.183
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.22 -o eth0+ -j SNAT --to 202.46.80.184
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.23 -o eth0+ -j SNAT --to 202.46.80.184
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.24 -o eth0+ -j SNAT --to 202.46.80.184
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.25 -o eth0+ -j SNAT --to 202.46.80.184
#
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.26 -o eth0+ -j SNAT --to 202.46.80.185
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.27 -o eth0+ -j SNAT --to 202.46.80.185
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.28 -o eth0+ -j SNAT --to 202.46.80.185
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.29 -o eth0+ -j SNAT --to 202.46.80.185
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.30 -o eth0+ -j SNAT --to 202.46.80.185

echo "NAT done"


#squid transproxy, which does not work
#$IPTABLES -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.1.0/24 -d ! 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 3128
-----------------------------------------------------------------------

When I uncomment the transproxy line, my clients' PCs get error messages like:

113974241.016     12 192.168.1.16 TCP_DENIED/400 1510 POST /t/comments - NONE/- text/html
1113974243.511     26 192.168.1.10 TCP_DENIED/400 1510 GET /king/1.gif - NONE/- text/html
1113974243.524      4 192.168.1.10 TCP_DENIED/400 1510 GET /king/1.gif - NONE/- text/html

My squid was OK, since I configured my Konqueror proxy to 192.168.1.1 3128.


I think... is that line wrong, or is my whole POSTROUTING wrong?
Does anyone have a clue for my situation?


Thanks a lot, debs.


.obenk
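
An added example, not part of the original post: a shell/awk triage of Squid native-format access.log lines like the ones quoted above. A TCP_DENIED/400 entry whose URL field is a bare path (no http://host) came from a browser that did not know it was talking to a proxy, which is what REDIRECT delivers to a port not set up for interception; a denial on an absolute URL is an ordinary policy refusal. The function name and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage Squid native access.log
# entries to tell intercepted traffic apart from ordinary denials.

# First three lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG='113974241.016     12 192.168.1.16 TCP_DENIED/400 1510 POST /t/comments - NONE/- text/html
1113974243.511     26 192.168.1.10 TCP_DENIED/400 1510 GET /king/1.gif - NONE/- text/html
1113974243.524      4 192.168.1.10 TCP_DENIED/400 1510 GET /king/1.gif - NONE/- text/html
1113974250.100     80 192.168.1.2 TCP_MISS/200 4312 GET http://example.org/index.html - DIRECT/192.0.2.10 text/html
1113974251.200      3 10.9.9.9 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html'

# Reads access.log lines on stdin and prints one summary line per client:
#   <client> origin_form_400=<n> other_denied=<n> served=<n>
classify_squid_log() {
    awk '
    # Native format: time elapsed client code/status bytes method URL ident hier type
    NF >= 7 {
        split($4, cs, "/")
        seen[$3] = 1
        if (cs[1] == "TCP_DENIED" && cs[2] == "400" && substr($7, 1, 1) == "/")
            origin[$3]++      # path-only URL: sender did not know it was talking to a proxy
        else if (cs[1] == "TCP_DENIED")
            denied[$3]++      # absolute URL refused: ACL or other policy denial
        else
            served[$3]++
    }
    END {
        for (c in seen)
            printf "%s origin_form_400=%d other_denied=%d served=%d\n", c, origin[c], denied[c], served[c]
    }' | LC_ALL=C sort
}

# Stand-alone run: summarise the embedded sample.
printf '%s\n' "$SAMPLE_LOG" | classify_squid_log
```

Clients that show only origin_form_400 hits are the ones whose port-80 traffic is being redirected; on a live gateway, feed the function the real access.log instead of the sample.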



