Thursday, January 26, 2012

squid redirection [setting]


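#!/bin/sh
# chkconfig: 2345 99 00
#
# Router init script for a transparent squid proxy.
#
# start: loads the NAT module, enables IPv4 forwarding, accepts all forwarded
#        traffic and redirects TCP arriving on eth0 to local port 8080.
# stop : removes the rules added by start and clears the subsys lock file.
#
# Exit status: 0 on success, 1 if start could not be completed,
#              2 on invalid usage.
#
# NOTE(review): REDIRECT in nat/PREROUTING also matches connections addressed
#   to this host itself, so any TCP service on this box reached through eth0
#   (SSH on 22, for instance) ends up on port 8080. Only 443 and 10000 are
#   left out of the ranges below.
# NOTE(review): the masquerading comment below calls eth0 the internet
#   interface, yet the redirect rules match "-i eth0". If eth0 really faces
#   the internet, the proxy port is reachable from outside; confirm which
#   interface is the LAN side and consider adding "-s <LAN subnet>".

LOCKFILE=/var/lock/subsys/router

# Append one rule. $1 = table, remaining arguments = chain and rule spec.
add_rule() {
    table=$1
    shift
    iptables -t "$table" -A "$@"
}

# Delete every copy of one rule. -D removes a single match per call, so loop
# until it fails; this also clears duplicates left by repeated starts.
# Errors are silenced on purpose: "rule not found" is the normal exit.
del_rule() {
    table=$1
    shift
    while iptables -t "$table" -D "$@" 2>/dev/null; do
        :
    done
}

# Run "$1 <table> <chain> <rule spec>" for every rule this script owns, in
# the order they are installed. Stops at the first failing call.
for_each_rule() {
    #---------------------------------------------------------------
    # Prior to masquerading, the packets are routed via the filter
    # table's FORWARD chain.
    #
    # NOTE(review): this accepts ALL forwarded traffic in both
    # directions. The stateful policy (outbound NEW,ESTABLISHED,RELATED;
    # inbound ESTABLISHED,RELATED) is the commented-out alternative:
    #   iptables -A FORWARD -t filter -o eth0 -m state -p tcp \
    #       --state NEW,ESTABLISHED,RELATED -j ACCEPT
    #   iptables -A FORWARD -t filter -i eth0 -m state -p tcp \
    #       --state ESTABLISHED,RELATED -j ACCEPT
    #---------------------------------------------------------------
    "$1" filter FORWARD -j ACCEPT &&

    # Only port 80 (alternative to the three ranges below):
    #   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
    #       -j REDIRECT --to-port 8080

    # Everything below 443 ...
    "$1" nat PREROUTING -i eth0 -p tcp --dport 0:442 \
        -j REDIRECT --to-port 8080 &&
    # ... 443 is skipped so SSL websites bypass the proxy ...
    "$1" nat PREROUTING -i eth0 -p tcp --dport 444:9999 \
        -j REDIRECT --to-port 8080 &&
    # ... and 10000 is skipped because webmin listens there.
    "$1" nat PREROUTING -i eth0 -p tcp --dport 10001:65535 \
        -j REDIRECT --to-port 8080
}

# Remove every rule installed by start. Always succeeds.
remove_rules() {
    for_each_rule del_rule
}

# Report a failed start, roll back any rules already added, and exit 1.
fail() {
    echo "router: $*" >&2
    remove_rules
    exit 1
}

case "$1" in
'start')
    #---------------------------------------------------------------
    # Load the NAT module
    #
    # Note: It is best to use the /etc/rc.local example in this
    #       chapter. This value will not be retained in the
    #       /etc/sysconfig/iptables file. Included only as a reminder.
    #---------------------------------------------------------------
    modprobe iptable_nat || fail "cannot load iptable_nat"

    #---------------------------------------------------------------
    # Enable routing by modifying the ip_forward /proc filesystem file
    #
    # Note: It is best to use the /etc/sysctl.conf example in this
    #       chapter. This value will not be retained in the
    #       /etc/sysconfig/iptables file. Included only as a reminder.
    #---------------------------------------------------------------
    echo 1 > /proc/sys/net/ipv4/ip_forward || fail "cannot enable ip_forward"

    #---------------------------------------------------------------
    # Allow masquerading (disabled)
    # - Interface eth0 is the internet interface
    # - Interface eth1 is the private network interface
    #
    #   iptables -A POSTROUTING -t nat -o eth0 -s 192.168.1.0/24 -d 0/0 \
    #       -j MASQUERADE
    #---------------------------------------------------------------

    # Clear copies left by an earlier start so the rules are not stacked.
    remove_rules
    for_each_rule add_rule || fail "cannot install iptables rules"

    # Announce success and take the lock only once every step has worked.
    echo "Router started success!"
    touch "$LOCKFILE"
    ;;
'stop')
    # Take the redirect and forward rules back out; ip_forward is left as it
    # is because other services on the host may rely on it.
    remove_rules
    rm -f "$LOCKFILE"
    ;;
*)
    echo "Usage: $0 { start | stop }" >&2
    exit 2
    ;;
esac
exit 0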
