Re: port/ip redirection again

Amitay B Isaacs (amitay@w-o-i.com)
Sat, 4 Sep 1999 16:17:11 +051800


On Fri, Sep 03, 1999 at 06:10:21PM -0400, Denis Voitenko wrote:
> This question has been asked here a ton of times and never got a good answer
> so I will ask again. What is the way to redirect ports with ipchains? I am
> aware that there is a package on Debian besides ipchains that does that. But
> I want to do it with ipchains. I am starting to read the manual today, but I
> hope to get an answer before I am done with it.

ipchains supports redirecting packets before they are accepted i.e. in
input chain. For ipchains to be able to redirect packets to local
port, the kernel should have support for transparent proxy.

Once you have the right kernel, it is easy to redirect the packets
to a local port using REDIRECT target.

Here is an example. To redirect all outgoing HTTP packets from my
local network thru the local proxy running on port 3128:

ipchains -I input -p tcp -s 192.168.0.0/24 -d 0/0 80 -j REDIRECT 3128

ipchains can redirect packets only to the localhost. To redirect
packets to different host, you will have to use a supporting
package called ipmasqadm. Check http://ipmasq.home.ml.org

I hope this helps.

Amitay.

-- 

Be good to yourself. Be patient. Be kind. Be forgiving. You're all you've got. - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu