Is this iptables correct?

Discussion in 'Tomato Firmware' started by fordjohn, Apr 9, 2014.

  1. fordjohn

    Does the script below do the job of routing web requests from devices on my network to my Squid proxy server (with transparent configured) and then back to the router and out to the internet? I know that my proxy server works, as it forwards requests when I configure the browser to send requests to the proxy on port 3128. When I enable this script on my Tomato router (latest version of Shibby), I get a proxy server message saying request denied. That tells me that the router is directing traffic to port 3128 on my proxy server, but for some reason it is not getting out to the web server requested. I don't know enough about iptables to determine if they are the problem or if there is a problem with the proxy server. Any help would be appreciated.

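    PROXY_IP=192.168.1.2    # placeholder: the post does not give the Squid host's LAN address
    PROXY_PORT=3128         # Squid port named in the post
    LAN_IP=`nvram get lan_ipaddr`
    LAN_NET=$LAN_IP/`nvram get lan_netmask`

    # LAN-to-LAN port 80 traffic is accepted without redirection
    iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
    # Port 80 traffic from every host except the proxy is DNATed to Squid
    iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
    # Connections sent to the proxy are SNATed to the router's LAN address
    iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
    # Allow the redirected connections to be forwarded from br0 back out br0
    iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT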
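
An added example, not part of the original post: a small Python model of the four rules above that traces which addresses each side sees for a new TCP connection arriving on br0. The addresses (router 192.168.1.1, Squid 192.168.1.2, web server 203.0.113.10) and the function name `route_from_br0` are constructed for illustration; only port 3128 comes from the post.

```python
import ipaddress

# Constructed sample values; the post gives only the Squid port (3128).
LAN_IP = ipaddress.ip_address("192.168.1.1")        # router (nvram lan_ipaddr)
# Same form as LAN_NET=$LAN_IP/netmask in the script: host bits set, dotted mask.
LAN_NET = ipaddress.ip_network("192.168.1.1/255.255.255.0", strict=False)
PROXY_IP = ipaddress.ip_address("192.168.1.2")      # Squid host (assumed)
PROXY_PORT = 3128


def route_from_br0(src, dst, dport):
    """Apply the post's four rules to one new TCP connection arriving on br0.

    Returns (src, dst, dport, out_if, verdict) as seen after these rules.
    Assumption: the firmware's other rules accept LAN-to-WAN forwarding;
    WAN masquerading is not modelled.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # nat PREROUTING rule 1: LAN-to-LAN port 80 is accepted without NAT.
    lan_to_lan = src in LAN_NET and dst in LAN_NET and dport == 80
    # nat PREROUTING rule 2: port 80 from anything but the proxy is DNATed.
    if not lan_to_lan and dport == 80 and src != PROXY_IP:
        dst, dport = PROXY_IP, PROXY_PORT
    # Traffic addressed to the router itself goes to INPUT, not FORWARD.
    if dst == LAN_IP:
        return str(src), str(dst), dport, "local", "INPUT chain"
    # Routing decision: LAN destinations leave on br0, the rest on the WAN.
    out_if = "br0" if dst in LAN_NET else "wan"
    # filter FORWARD rule: explicit accept for br0 -> br0 traffic to Squid.
    verdict = "ACCEPT"
    if out_if == "br0":
        ok = src in LAN_NET and dst == PROXY_IP and dport == PROXY_PORT
        verdict = "ACCEPT" if ok else "default policy"
    # nat POSTROUTING rule: connections to the proxy are SNATed to the router.
    if out_if == "br0" and src in LAN_NET and dst == PROXY_IP:
        src = LAN_IP
    return str(src), str(dst), dport, out_if, verdict


if __name__ == "__main__":
    print(route_from_br0("192.168.1.50", "203.0.113.10", 80))   # client browsing
    print(route_from_br0("192.168.1.2", "203.0.113.10", 80))    # Squid fetching
```

In the first case Squid receives the connection with the router's LAN address as its source rather than the client's, so any source-based access rule on the proxy is evaluated against that address.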
