Skip to content

Instantly share code, notes, and snippets.

@freekode

freekode/gist:331446412c6a114fccd8f8ad8964f869

Created January 18, 2017 19:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save freekode/331446412c6a114fccd8f8ad8964f869 to your computer and use it in GitHub Desktop.
Save freekode/331446412c6a114fccd8f8ad8964f869 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
$ sudo iptables -F
$ sudo iptables -F -t nat
Разрешаем принимать ответ на УЖЕ установленный соединени:
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Разрешаем весь трафик с нашей внутренней сети (возьмем подсеть 222):
sudo iptables -A INPUT -s 192.168.222.0/24 -i eth1 -j ACCEPT
И, залог прозрачности! Перенапрявляем весь исходящий http-трафик (на порт 80) на порт сквида 3128:
iptables -t nat -A PREROUTING -s 192.168.222.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.222.0/24 -o eth0 -j SNAT --to-source 192.168.56.39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment