[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Re: NAT Information
From: "..." <betolourenco () ig ! com ! br>
Date: 2003-01-29 11:39:13
[Download RAW message or body]
Try to use squid...
...
----- Original Message -----
From: Simone Sestini
To: netfilter@lists.netfilter.org
Sent: Wednesday, January 29, 2003 8:13 AM
Subject: NAT Information
Hi folks....
I did a special NAT-Firewall box for a dialup server..
I use the rules like that..
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.2.0/23 -o eth0 -j SNAT --to \
PUBLIC_IP1 /usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.4.0/23 -o eth0 -j \
SNAT --to PUBLIC_IP2 /usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.6.0/23 \
-o eth0 -j SNAT --to PUBLIC_IP3 /usr/local/sbin/iptables -t nat -A POSTROUTING -s \
10.20.8.0/23 -o eth0 -j SNAT --to PUBLIC_IP4 /usr/local/sbin/iptables -t nat -A \
POSTROUTING -s 10.20.10.0/23 -o eth0 -j SNAT --to PUBLIC_IP5 \
/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.12.0/23 -o eth0 -j SNAT --to \
PUBLIC_IP6
now.. i need to set for examples the class 10.20.10.0/23 to browse only \
www.microsoft.com and www.ibm.com.
How can i modify my chain ?
I have try to insert a -t nat -A OUTPUT or a -t nat -A PREROUTING rules but nothing \
is blocking the browsinf over internet..
Any idea ?
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Simone Sestini [ SS971-RIPE ]
Plug IT s.p.a. - Technical Office
Via Galileo Ferraris 216
52100 Arezzo
Titles:
System and Network Administrator
Data Transmission Manager
Fax +39 199 440088
E-mail simone.sestini@plugit.net
Web http://www.plugit.it
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1126" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Try to use squid...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>...</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 \
2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original Message \
----- </DIV> <DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=simone.sestini@plugit.net
href="mailto:simone.sestini@plugit.net">Simone Sestini</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=netfilter@lists.netfilter.org
href="mailto:netfilter@lists.netfilter.org">netfilter@lists.netfilter.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, January 29, 2003 8:13
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> NAT Information</DIV>
<DIV><BR></DIV>Hi folks....<BR><BR>I did a special NAT-Firewall box for a
dialup server..<BR><BR>I use the rules like
that..<BR><BR>/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.2.0/23
-o eth0 -j SNAT --to PUBLIC_IP1<BR>/usr/local/sbin/iptables -t nat -A
POSTROUTING -s 10.20.4.0/23 -o eth0 -j SNAT --to
PUBLIC_IP2<BR>/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.6.0/23
-o eth0 -j SNAT --to PUBLIC_IP3<BR>/usr/local/sbin/iptables -t nat -A
POSTROUTING -s 10.20.8.0/23 -o eth0 -j SNAT --to
PUBLIC_IP4<BR>/usr/local/sbin/iptables -t nat -A POSTROUTING -s 10.20.10.0/23
-o eth0 -j SNAT --to PUBLIC_IP5<BR>/usr/local/sbin/iptables -t nat -A
POSTROUTING -s 10.20.12.0/23 -o eth0 -j SNAT --to PUBLIC_IP6<BR><BR>now.. i
need to set for examples the class 10.20.10.0/23 to browse only <A
href="http://www.microsoft.com/" eudora="autourl">www.microsoft.com</A> and <A
href="http://www.ibm.com/" eudora="autourl">www.ibm.com</A>.<BR><BR>How can i
modify my chain ?<BR><BR>I have try to insert a -t nat -A OUTPUT or a -t nat
-A PREROUTING rules but nothing is blocking the browsinf over
internet..<BR><BR>Any idea ?<BR><BR><BR><X-SIGSEP>
<P></X-SIGSEP><FONT
face=Verdana>::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::<BR><BR></FONT><FONT \
face=Verdana color=#ff0000><B>Simone Sestini </FONT><FONT face=Verdana
color=#ff0000 size=2>[ SS971-RIPE ]<BR><BR></B></FONT>Plug IT s.p.a. -
Technical Office<BR>Via Galileo Ferraris 216<BR>52100 Arezzo<BR><BR><TT><FONT
face="Courier New, Courier" color=#0000ff>Titles:<BR>System and Network
Administrator<BR>Data Transmission
Manager<BR><BR>Fax<X-TAB> </X-TAB><X-TAB> </X-TAB>+39 \
199
440088<BR>E-mail<X-TAB> </X-TAB>simone.sestini@plugit.net<BR>Web<X-TAB>&n \
bsp; </X-TAB><X-TAB> </X-TAB><A \
href="http://www.plugit.it/"
eudora="autourl">http://www.plugit.it</A><BR><BR></FONT></TT><FONT
face=Verdana><U>:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: \
<BR></FONT></U></P></BLOCKQUOTE></BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic