Hi,
so here's my problem: I added iptables rules to redirect requests from the LAN so they are forced to go through the proxy at 192.168.0.1:3128
(transparent proxy)
eth1 = WAN interface
eth2 = LAN interface
here are the rules I added to iptables; could you check whether they are correct, because I can't connect from the LAN, but I can from the server:
[code]server:~# iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
server:~# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128[/code]
since I'm not very comfortable with iptables yet.
here are my rules, roughly:
[code]server:~# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT 0 -- anywhere server.zone.teledisnet.be
2 ACCEPT 0 -- anywhere anywhere
3 ACCEPT 0 -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere
5 ACCEPT udp -- anywhere anywhere
6 ACCEPT icmp -- anywhere anywhere
7 ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp-data
8 ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp
9 ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www
10 DROP 0 -- 198.0.0.255 anywhere
11 DROP 0 -- anywhere 198.0.0.255
12 DROP 0 -- default anywhere
13 DROP 0 -- anywhere default
14 DROP 0 -- 255.255.255.255 anywhere
15 DROP 0 -- anywhere 255.255.255.255
16 log_and_drop 0 -- anywhere anywhere
17 LOG 0 -- anywhere anywhere LOG level emerg prefix `FW '
18 REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
19 DROP tcp -- anywhere anywhere tcp dpt:telnet
20 ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 2/sec burst 5
21 DROP icmp -- anywhere anywhere icmp echo-request
22 ACCEPT 0 -- 192.168.0.0/24 server.zone.teledisnet.be
23 DROP udp -- anywhere anywhere
24 DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT 0 -- 192.168.0.0/24 anywhere
2 ACCEPT 0 -- anywhere anywhere
3 LOG tcp -- anywhere anywhere tcp dpt:www flags:FIN,SYN,RST,ACK/SYN LOG level warning prefix `quelqu'un surf…'
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT 0 -- anywhere anywhere
2 ACCEPT 0 -- anywhere anywhere
3 ACCEPT 0 -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere
5 ACCEPT udp -- anywhere anywhere
6 ACCEPT icmp -- anywhere anywhere
7 ACCEPT 0 -- anywhere anywhere
8 DROP 0 -- 198.0.0.255 anywhere
9 DROP 0 -- anywhere 198.0.0.255
10 DROP 0 -- default anywhere
11 DROP 0 -- anywhere default
12 DROP 0 -- 255.255.255.255 anywhere
13 DROP 0 -- anywhere 255.255.255.255
Chain log_and_drop (1 references)
num target prot opt source destination
[/code]
and here is what I get in the squid logs when I try to connect from a machine on the LAN:
[code]server:~# tail -f /var/log/squid/access.log
1173356150.323 7 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356155.344 63 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356156.046 40 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356156.728 23 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356156.867 12 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356159.087 59 192.168.0.250 TCP_DENIED/400 1687 GET error:invalid-request - NONE/- text/html
1173356181.314 1 192.168.0.250 TCP_DENIED/400 1874 GET error:invalid-request - NONE/- text/html
1173356825.529 1 192.168.0.250 TCP_DENIED/400 1687 GET error:invalid-request - NONE/- text/html
1173356826.849 24 192.168.0.250 TCP_DENIED/400 1687 GET error:invalid-request - NONE/- text/html
1173356830.449 59 192.168.0.250 TCP_DENIED/400 1713 GET error:invalid-request - NONE/- text/html[/code]
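Added example, not part of the original post: a small parser for the Squid native access.log layout shown above that groups TCP_DENIED entries per client and flags hosts that repeatedly hit 400 error:invalid-request, so the pattern in the post stands out from ordinary ACL denials. The sample lines, hosts and URLs are constructed, and the reading that such denials on DNAT-intercepted traffic usually point at an http_port not configured for interception is an assumption, not something the post confirms.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's native access.log layout (as in the post):
# time duration client result/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1173356150.323 7 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356155.344 63 192.168.0.250 TCP_DENIED/400 1692 GET error:invalid-request - NONE/- text/html
1173356200.001 120 192.168.0.251 TCP_MISS/200 5320 GET http://example.invalid/ - DIRECT/203.0.113.10 text/html
1173356201.500 3 192.168.0.251 TCP_DENIED/403 1400 GET http://example.invalid/blocked - NONE/- text/html
garbage line that does not parse
"""

def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    fields = line.split()
    if len(fields) != 10:
        return None
    result, _, status = fields[3].partition("/")
    if not status.isdigit():
        return None
    return {
        "time": float(fields[0]),        # seconds since epoch
        "duration_ms": int(fields[1]),
        "client": fields[2],
        "result": result,                # e.g. TCP_DENIED, TCP_MISS
        "status": int(status),           # HTTP status code
        "bytes": int(fields[4]),
        "url": fields[6],
    }

def denied_summary(log_text):
    """Count TCP_DENIED entries per client, keyed by (status, url), so a burst
    of 400 error:invalid-request from one host stands out from ACL denials."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "TCP_DENIED":
            summary[rec["client"]][(rec["status"], rec["url"])] += 1
    return {client: dict(counts) for client, counts in summary.items()}

def invalid_request_clients(log_text, threshold=2):
    """Clients with at least `threshold` 400 error:invalid-request denials:
    Squid could not build a full URL from the request, which on DNAT-intercepted
    traffic usually means the http_port is not set up for interception (assumption)."""
    return sorted(client for client, counts in denied_summary(log_text).items()
                  if counts.get((400, "error:invalid-request"), 0) >= threshold)

if __name__ == "__main__":
    print(denied_summary(SAMPLE_LOG), invalid_request_clients(SAMPLE_LOG))
```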