Guruplug server plus and iptables

[asheikh]

hi,

I have got my guruplug server plus which I have configured and installed all the packages that I wanted.... I have only one problem that I couldn't be able to solve for the last 3 days, and I don't know why it is not working...

I have installed dansguardian, squad and working fine. I want to forward traffic from the  LAN port 80  to 192.168.1.1:8080. I want this, because I don't want to configure the browser and enter proxy ip, and the port. I want this to work for any box in my home LAN without any configuration.

Below is my my script to setup port forwading and all that is related to iptables:  I would really appriciate if anyone could tell me why this not workingL

Note: eth0 is external, and eth1 is enternal

sheevaplug-debian:~# cat iptable.sh
#!/bin/sh

PROXY_IP=192.168.1.
PROXY_PORT=8080
LAN_IP=192.168.1.0
LAN_NET=$LAN_IP/24

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


iptables -t nat -A PREROUTING -i eth1 -s $LAN_NET  -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -s $LAN_NET -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o eth1 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i eth1 -o eth1 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

----------------------------------------------------------
sheevaplug-debian:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.1.0/24       192.168.1.1         tcp dpt:http-alt

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
sheevaplug-debian:~#


----------------------------------------------------------
sheevaplug-debian:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:www
DNAT       tcp  --  192.168.1.0/24       anywhere            tcp dpt:www to:192.168.1.1:8080

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       tcp  --  192.168.1.0/24       192.168.1.1         to:192.168.1.0
MASQUERADE  all  --  anywhere             anywhere           
MASQUERADE  all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
sheevaplug-debian:~#



Thanks in advance

[asheikh]

Hi,

I have even tried the following two rules, and it doesn't work...please tell me what I am missing....


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT

Thanks