
Thread: iptables, masquerading and dansguardian

  1. #1
    Join Date
    Jun 2013

    iptables, masquerading and dansguardian


    I want to set up a box for a college network that will port forward from eth1 - 172.16.x.x (green) to eth0 192.168.x.x (red) while passing all web traffic (http, https) through dans guardian (installed on the same box).

    The set up side is fine. What I need help with is the iptables rules to configure this. When I set this up, everything forwards but dans doesn't work.

    -A OUTPUT -p tcp -m owner ! --uid-owner 13 -m tcp --dport 80 -j REDIRECT --to-ports 8080

    Any ideas?

  2. #2
    Join Date
    Jan 2008
    Kubuntu 13.04 Raring Ringtail

    Re: iptables, masquerading and dansguardian

    -A OUTPUT -p tcp -m owner ! --uid-owner 13 -m tcp --dport 80 -j REDIRECT --to-ports 8080
    Are you trying to redirect only traffic from your box? The OUTPUT chain is used only for locally generated traffic, so the above rule will not be applied to traffic forwarded from 172.16.x.x to 192.168.x.x.
    If you want to redirect forwarded traffic, the rule should be added to PREROUTING.

  3. #3
    Join Date
    Sep 2013

    Re: iptables, masquerading and dansguardian

    My question was related to the closed thread

    the iptables entry:
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    works fine, but it stops some PHP POST and GET requests for a time-based hotspot session initialisation.
    I have no idea what kind of handshaking takes place between the local gateway and the remote one to start a new session, but the firewall stops it.
    I added exceptions to the dans guardian lists that now match, as seen in access.log, but it does not go any further and the walled garden is waiting for some information from the external gateway.
    Any idea where I can start from?
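
The chain placement discussed in replies #2 and #3, written out as one nat table. This is an added example, not part of any post in the thread: the function name `gen_nat_rules` is hypothetical, the interface names, port and uid are the ones quoted in the posts, and the bypass destination is an assumed, constructed address standing in for a host that must not pass through the filter.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a nat table (iptables-restore
# format) for a gateway that forwards green -> red and sends port-80
# traffic through a content filter listening on the same box.
# bypass_dst is a hypothetical destination that skips the filter (may be "").
gen_nat_rules() {
    green_if=$1 red_if=$2 proxy_port=$3 proxy_uid=$4 bypass_dst=$5

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"

    # Optional exemption. It has to precede the REDIRECT rule, because the
    # first matching rule in the chain decides what happens to the packet.
    if [ -n "$bypass_dst" ]; then
        echo "-A PREROUTING -i $green_if -d $bypass_dst -p tcp -m tcp --dport 80 -j ACCEPT"
    fi

    # Forwarded clients: packets arriving on the green interface traverse
    # PREROUTING and never reach the OUTPUT chain.
    echo "-A PREROUTING -i $green_if -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $proxy_port"

    # Locally generated traffic traverses OUTPUT. One uid is excluded so
    # that requests made under that account are not redirected again.
    echo "-A OUTPUT -p tcp -m owner ! --uid-owner $proxy_uid -m tcp --dport 80 -j REDIRECT --to-ports $proxy_port"

    # Source NAT for everything leaving through the red interface.
    echo "-A POSTROUTING -o $red_if -j MASQUERADE"
    echo "COMMIT"
}

# Values from the thread; 203.0.113.10 is a constructed documentation address.
gen_nat_rules eth1 eth0 8080 13 203.0.113.10
```

The output can be syntax-checked with `iptables-restore --test` before loading; loading it without `--noflush` replaces the existing contents of the nat table. Redirected connections are delivered locally, so the filter table's INPUT chain must also accept TCP port 8080 from the green interface.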

