Answer the question
In order to leave comments, you need to log in
How to give computers with specific ip addresses direct access to the Internet bypassing the squid proxy server?
There is a server on Centos Linux with two network interface cards. One accepts the ISP eth 0, the other looks into the local network eth1. A Squid proxy server is installed, through which all computers on the network go. I have already asked the question that I cannot set up the Onwebinar web conferencing service, which works using p2p flash technology. It cannot communicate with other members due to our proxy server. What to do with it - I do not know.
If you still cannot configure this service to work through a proxy server, then you can somehow make some computers on the local network work with certain ip addresses (or a separate subnet) bypassing the Squid proxy server. Probably this can be done somehow through iptables, but I do not know the correct commands and sequence of commands.
Now in iptables in the nat section, port redirects are registered to the port of the proxy server 3128.
Answer the question
In order to leave comments, you need to log in
Port forwarding will help, you just need to understand which ports to open
Open UDP ports in the range 1024-65535.
magicpast.net/software/index.php?page=probros-port...
You can set up a TURN server behind a nat. www.adobe.com/devnet/flashplayer/articles/rtmfp_ci...
Tester cc.rtmfp.net
Check your
flash player version.
Or forward ports to some ip
iptables -t nat -I PREROUTING -p tcp --dport 1024:65535 -j DNAT --to-destination 192.168.1.100
I think I understand what you need to do. The first option, and the simplest, is to make computers white IP addresses.
The second option, which will definitely work, is to make a hole and use full cone nat instead of normal NAT.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o <ваш исх интерфейс> -j MASQUERADE
This is a screenshot from the network computer from which I want to go to the webinar
yadi.sk/d/v4nZ1aXBEZFp2
And this is from the server itself, everything is fine there
yadi.sk/d/uDneOt5sEZFqm
Here is iptables
*nat
:PREROUTING ACCEPT [1:386067]
:POSTROUTING ACCEPT [1:194678]
:OUTPUT ACCEPT [1:194678]
-A PREROUTING -i 192.168.1.195 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 280 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 488 -j REDIRECT --to -ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 777 -j REDIRECT --to-ports 3128.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE.
COMMIT
# Completed on Sat Oct 19 01:13:14 2013
# Generated by iptables-save v1.4.7 on Sat Oct 19 01:13:14 2013
*mangle
:PREROUTING ACCEPT [371263:162270149]
:INPUT ACCEPT [1024:161464707]
:FORWARD ACCEPT [1024:794498]
:OUTPUT ACCEPT [3974 :196075533]
:POSTROUTING ACCEPT [403223:197038940]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill.
*filter
:FORWARD ACCEPT [1024:65535]
:INPUT ACCEPT [1024:65535]
:OUTPUT ACCEPT [1024:65535]
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
- A FORWARD -i eth1 -o eth0 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1024:65535 -j ACCEPT
-A FORWARD -m state --state NEW -i eth1 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.195/24 -i eth1 -j ACCEPT
-A FORWARD -d 192.168.1.195/24 -i eth0 -j ACCEPT
COMMIT
# Completed on Sat Oct 19 01:13:14 2013
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question