I have a particular case.
I have this
a) Server 1: RH 4.0 on an HP ProLiant
   1 NIC 200.78.x.2 as the external NIC, with a dedicated connection to the Internet via E1 (T1)
   1 NIC 192.168.x.2 as the internal NIC for the LAN
b) Cisco PIX 501 firewall acting as a router connected to an MPLS connection
   1 NIC 192.168.x.8
c) The LAN 192.168.x.x with approx. 50 users using Windows XP Professional
Actually I have a setup of a transparent proxy with iptables via squid, without problems.
I have these rules in iptables (81 is the port of my squid):
# replies coming back from the Internet to the LAN
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN to Internet
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# divert plain HTTP from the LAN to squid listening on port 81
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 80 -j REDIRECT --to-port 81
# hide LAN addresses behind the external NIC
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
But I need to access some SSL web pages from within the LAN at another office in another city, and this can only be done via the Cisco PIX 501 (see b).
I tried a route rule:
/sbin/route add -net 140.85.x.0 netmask 255.255.252.0 gw 192.168.x.8
since the sites I want to access via the PIX are in this IP family, but it doesn't work in the transparent proxy.
I added the squid proxy IP in the SSL section in the browser of a station, and it works.
So I want to know how I can reroute some IP addresses that I cannot reach via the Internet but only via the PIX 501, and make that transparent for the users. I use DHCP, and I don't want to mess with manual configurations per machine, since I have some laptops too.
I only have problems with SSL connections; I want to resolve this.
I also tried this but it doesn't work:
$IPTABLES -t nat -A PREROUTING -i $INTIF -p tcp --dport 443 -j REDIRECT --to-port 81
Please help.
_______________________________________________
rhn-users mailing list
rhn-users redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
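Added example, not from the original post or the list: a small POSIX shell script that generates (dry run by default) the route and iptables rules for the topology described above, keeping the poster's working rules and adding the one piece the post's rule set lacks for traffic that must reach the PIX. The interface names eth0/eth1, the third octets in 192.168.1.8 and 140.85.0.0/22, and the assumption that the FORWARD chain's default policy is DROP are placeholders and assumptions; the script also assumes, as the post's MASQUERADE setup suggests, that the Linux box is the LAN clients' default gateway. The comments explain why redirecting port 443 to squid's HTTP port cannot work, and why a static route on the gateway alone is not enough.

```shell
#!/bin/sh
# Added example: generates the routing and iptables commands for a Linux
# gateway with an external NIC to the Internet, an internal NIC on the LAN,
# and a PIX on that same LAN that reaches a remote office's /22 over MPLS.
# Interface names and the third octets below are assumed placeholders.
IPTABLES="${IPTABLES:-iptables}"
EXTIF="${EXTIF:-eth0}"                    # assumed: NIC towards the E1/T1
INTIF="${INTIF:-eth1}"                    # assumed: NIC towards the LAN
PIX_GW="${PIX_GW:-192.168.1.8}"           # placeholder for the post's 192.168.x.8
REMOTE_NET="${REMOTE_NET:-140.85.0.0/22}" # placeholder for the post's 140.85.x.0/22
SQUID_PORT="${SQUID_PORT:-81}"
# Dry run prints the commands instead of executing them; set DRY_RUN=0 (as root) to apply.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The rules the post already has, unchanged in behaviour.
base_rules() {
    run "$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
    # Only plain HTTP is diverted to squid.  Port 443 is deliberately NOT
    # redirected: the client opens the TCP connection and immediately starts a
    # TLS handshake, which a plain http_port on squid cannot parse.  A browser
    # configured with an explicit proxy instead sends "CONNECT host:443" in
    # clear text to the proxy, which is why the per-browser SSL proxy setting
    # in the post works while the 443 REDIRECT does not.
    run "$IPTABLES" -t nat -A PREROUTING -i "$INTIF" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
    run "$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
}

# Remote office reachable only through the PIX.  Because the LAN clients use
# this box as their default gateway, a static route here steers the /22 to the
# PIX.  The forwarded packet then enters and leaves on the SAME interface
# (INTIF -> INTIF), a case none of the rules above match; with a default-DROP
# FORWARD policy (assumption) it needs its own ACCEPT.  No MASQUERADE is
# needed: the PIX sits on the LAN and sends replies straight back to the
# client's real address.  The kernel will also send ICMP redirects, so clients
# learn to send later packets for the /22 directly to the PIX.
pix_rules() {
    run ip route replace "$REMOTE_NET" via "$PIX_GW" dev "$INTIF"
    run "$IPTABLES" -A FORWARD -i "$INTIF" -o "$INTIF" -d "$REMOTE_NET" -j ACCEPT
}

# Print (or, with DRY_RUN=0 as root, apply) the complete rule set.
base_rules
pix_rules
```

Run it as-is to review the generated commands; squid's own outbound HTTP connections to the remote /22 are locally generated and already follow the static route, so only the forwarded (non-proxied) SSL traffic needs the extra FORWARD rule.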