ClearFoundation


Need help - REDIRECT traffic to a different port
#4961
Need help - REDIRECT traffic to a different port 1 Month ago  
I can't get my brain wrapped around this..
I want to force some IP addresses through the proxy/content filter transparently, but not all of them.

I know that to do that I need to force requests to port 80 on those IPs to port 8080, and also block access to port 3128. I just don't know how the heck to write the iptables rule to do it, or exactly where to place it.

If someone familiar with iptables can help me out I'd really appreciate it.
thanks
J Kelly
 
#4972
Re: Need help - REDIRECT traffic to a different port 1 Month ago  
Have a play with:-
Code:

iptables -t nat -I PREROUTING -i eth0 -s 192.168.0.5 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -I INPUT -i eth0 -s 192.168.0.5 -p tcp --dport 3128 -j DROP


Change 192.168.0.5 to whatever IP you want to redirect.
Assumes eth0 is your LAN interface.
Change to --to-ports 3128 to direct to the proxy instead of the content filter on 8080.

Review your changes using the following; if it doesn't work, wipe it out with 'service firewall restart'.
Code:

iptables -t nat -L -n -v
iptables -L -n -v


If everything works as you want it then add the lines to /etc/rc.d/rc.firewall.local so that they stick after the firewall restarts.
Tim Burgess
Last Edit: 2010/02/08 04:55 By timb80.
Nothing is fool proof to a talented fool
http://starlane.gotdns.org
RPM FTP Mirror
 
#4984
Re: Need help - REDIRECT traffic to a different port 1 Month ago  
Thanks Tim!

I'll give that a try when I'm at home tonight.

Can I substitute the IP address for a range of IPs?

How about filtering it by MAC instead of IP? I haven't seen anything in the iptables docs that says I can, so I'm assuming not.
J Kelly
 
#4986
Re: Need help - REDIRECT traffic to a different port 1 Month ago  
You can specify subnets in the CIDR form, 192.168.0.0/24 for example.

I've not tried, but you may be able to do something similar with -m mac --mac-source AA:BB:CC:DD:EE:FF. But as MAC addresses can be spoofed, I'm not sure it's worth it?
Tim Burgess
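The rule pair from the replies above, generalized to the three selector kinds discussed in this thread (single IP, CIDR subnet, MAC address). This is an added example, not code posted by anyone in the thread; the function names client_match and redirect_rules are hypothetical, and the script only prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): print, without applying, the
# REDIRECT + DROP rule pair for one client selector.
# A selector may be an IPv4 address, a CIDR subnet, or a MAC address.

LAN_IF=eth0        # assumption: LAN interface, as in the thread
FILTER_PORT=8080   # content filter port (from the thread)
PROXY_PORT=3128    # proxy port that selected clients must not reach directly

# Translate a selector into an iptables match; fail on malformed input.
# This is a shape check only: iptables itself rejects out-of-range octets.
client_match() {
    sel="$1"
    if printf '%s\n' "$sel" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        # MAC address: all six octets required. The mac match is valid in
        # both chains used below (PREROUTING and INPUT).
        printf '%s\n' "-m mac --mac-source $sel"
    elif printf '%s\n' "$sel" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
        # Single address or CIDR subnet.
        printf '%s\n' "-s $sel"
    else
        echo "invalid selector: $sel" >&2
        return 1
    fi
}

# Print both rules for one selector: redirect port 80 to the content
# filter, and drop direct connections to the proxy port.
redirect_rules() {
    match=$(client_match "$1") || return 1
    echo "iptables -t nat -I PREROUTING -i $LAN_IF $match -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT"
    echo "iptables -I INPUT -i $LAN_IF $match -p tcp --dport $PROXY_PORT -j DROP"
}

# Constructed sample selectors; the last one is an octet short and is rejected.
for sel in 192.168.0.5 192.168.0.0/24 AA:BB:CC:DD:EE:FF AA:BB:CC:DD:EE; do
    redirect_rules "$sel" || echo "# skipped: $sel"
done
```

Once the printed rules have been reviewed, they can be pasted into /etc/rc.d/rc.firewall.local as described earlier in the thread.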
 
#4987
Re: Need help - REDIRECT traffic to a different port 1 Month ago  
I'm not worried about someone spoofing the MAC. It's a home network, just trying to keep my kids from the naughtier bits of the internet. I can see scenarios where the IP could get changed, but the MAC will stay the same.

I'll give both methods a try and let you know how it works out.
Thanks again.
J Kelly
 
#5027
Re:Need help - REDIRECT traffic to a different port 1 Month ago  
Tim-

This works beautifully!! Both the IP method and the MAC method worked.
Thanks much! I really appreciate the help.

Now if we could come up with a webconfig module, but I highly doubt I can figure out the php to do that, LOL.
J Kelly
 
#5039
Re:Need help - REDIRECT traffic to a different port 1 Month ago  
Great, no problems. We should add it to the wish list.
Tim Burgess
 