• SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

force specific destination to proxy

B

bilboSNB

Senior Member
I would like to force transparently web traffic destined only for a certain ip address eg 1.1.1.1 to go through the proxy 192.168.0.1 port 8080. Looking at the wiki this can be done with ip tables, what would the appropriate rule be, if not this what?

The proxy is running on the router.

iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --d 1.1.1.1 --dport 80 -j DNAT --to-destination `nvram get lan_ipaddr`:8080

thanks
 
Last edited:
Would this do it?

iptables -t nat -A PREROUTING --d 1.1.1.1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
 
If I put this in scripts will it work its a ddwrt, script?


#!/bin/sh
PROXY_IP=192.168.0.1
PROXY_PORT=8080
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`





iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp -d 1.1.1.1 --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
 
I've settled for this, seems to do what I want:



iptables -I PREROUTING -t nat -p udp -s `nvram get lan_ipaddr`/`nvram get lan_netmask` ! -d `nvram get lan_ipaddr`/`nvram get lan_netmask` --dport 53 -j DNAT --to-destination `nvram get lan_ipaddr`
iptables -t nat -A PREROUTING -i br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d 216.239.32.20 --dport 80 -j DNAT --to 192.168.0.1:8080
iptables -t nat -A PREROUTING -i br0 -s ! 192.168.0.1 -p tcp -d 204.79.197.200 --dport 80 -j DNAT --to 192.168.0.1:8080
iptables -t nat -I POSTROUTING -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp -j SNAT --to `nvram get lan_ipaddr`
iptables -I FORWARD -i br0 -o br0 -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d 192.168.0.1 -p tcp --dport 8080 -j ACCEPT
 
You must log in or register to reply here.

Similar threads

GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
508
GShlomi
GShlomi
H
WireGuard DNS Traffic From All Clients Sent Over First WireGuard Client Connection
Replies
7
Views
2K
HarryMuscle
H
H
Port Forwarding Over WireGuard Connection?
2
Replies
22
Views
4K
houmi
houmi
G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
856
Grefyne
G
Jonnny
Port forwarding to VPN Client
Replies
0
Views
906
Jonnny
Jonnny
Similar threads
Thread starter Title Forum Replies Date
C force to flush flowcache entries Asuswrt-Merlin 1
K Is there anyway to force AiMesh to use eth8 as backhaul? Asuswrt-Merlin 4
C How to set upstream DNS but force clients to use the router for DNS? Asuswrt-Merlin 2
N Forward only specific port's traffic to Wireguard VPN Asuswrt-Merlin 1
M How to NAT traffic inbound to a specific host or network ? Asuswrt-Merlin 6
Celico Routing only traffic to specific IP through VPN? Asuswrt-Merlin 7
E Is there a way to switch a led to a specific colour by calling into a c program ? Asuswrt-Merlin 10
P Is there a way to suppress a specific message from syslog? Asuswrt-Merlin 0
Run5k Solved ASUS RT-AC68U router can't reach specific website - known issue? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 379 (members: 22, guests: 357)
Top