I'm running this in my DD-WRT router's firewall startup:
Code:
#!/bin/sh
# Transparent HTTP proxy redirect with a bypass for selected destinations.
PROXY_IP=192.168.1.3
PROXY_PORT=80
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
# Bypass: DNAT to the unchanged destination ends nat PREROUTING for these addresses.
iptables -t nat -A PREROUTING -i br0 -d 104.156.81.194 -p tcp --dport 80 -j DNAT --to 104.156.81.194
iptables -t nat -A PREROUTING -i br0 -d 104.156.85.194 -p tcp --dport 80 -j DNAT --to 104.156.85.194
iptables -t nat -A PREROUTING -i br0 -d 23.235.33.194 -p tcp --dport 80 -j DNAT --to 23.235.33.194
iptables -t nat -A PREROUTING -i br0 -d 23.235.37.194 -p tcp --dport 80 -j DNAT --to 23.235.37.194
# Leave LAN-to-LAN port 80 traffic alone.
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
# Redirect all other port 80 traffic that does not come from the proxy itself to the proxy.
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# Rewrite the source address so the proxy's replies return through the router.
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
# Allow the redirected traffic to be forwarded from br0 back out br0.
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
The above forwards all port 80 traffic destined to Wikia.com to Wikia.com and everything else to my proxy server at 192.168.1.3.
The reason I need to bypass the proxy for Wikia pages is that there is a bug in WinGate 7 related to colons (:) in the web URL. It will deny access to that site because WinGate thinks you are trying to access a drive letter...
So will running the above script open up any security vulnerabilities?
I made the PREROUTING rules for the IP addresses but I didn't do SNAT back; is that an issue?
Will the above script do as I want it to? Bypass the proxy for Wikia pages and send everything else to the proxy server?
I'm not too advanced with iptables, so that's why I'm asking.
Thanks!
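
Added example (not part of the original post): a small Python model of the script's six nat PREROUTING rules, evaluated first-match-wins, so the effect of rule order can be checked against constructed packets before loading the rules on the router. The router LAN address 192.168.1.1, the netmask 255.255.255.0, the client 192.168.1.50 and the server 198.51.100.10 are assumptions; every packet is assumed to arrive on br0.

```python
import ipaddress

# Assumed values: the post gives only the proxy address; the router LAN IP and
# netmask stand in for `nvram get lan_ipaddr` / `nvram get lan_netmask`.
LAN_IP, LAN_MASK = "192.168.1.1", "255.255.255.0"
PROXY_IP, PROXY_PORT = "192.168.1.3", 80
LAN_NET = ipaddress.ip_network(f"{LAN_IP}/{LAN_MASK}", strict=False)
BYPASS = ["104.156.81.194", "104.156.85.194", "23.235.33.194", "23.235.37.194"]


def build_rules():
    """nat PREROUTING rules in the order the script appends them (-A)."""
    rules = []
    for ip in BYPASS:  # DNAT to the unchanged address: a terminating no-op
        rules.append((lambda s, d, ip=ip: d == ipaddress.ip_address(ip), f"DNAT {ip}"))
    rules.append((lambda s, d: s in LAN_NET and d in LAN_NET, "ACCEPT"))
    proxy = ipaddress.ip_address(PROXY_IP)
    rules.append((lambda s, d: s != proxy, f"DNAT {PROXY_IP}:{PROXY_PORT}"))
    return rules


def prerouting(src, dst, dport, proto="tcp", rules=None):
    """Return the target of the first matching rule, or None if no rule matches."""
    if proto != "tcp" or dport != 80:  # every rule carries -p tcp --dport 80
        return None
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for match, target in (rules or build_rules()):
        if match(s, d):
            return target
    return None


if __name__ == "__main__":
    # Constructed packets; 198.51.100.10 is a documentation address.
    samples = [
        ("192.168.1.50", "104.156.81.194", 80),  # listed bypass address
        ("192.168.1.50", "198.51.100.10", 80),   # any other web server
        ("192.168.1.50", "198.51.100.10", 443),  # HTTPS: no rule applies
        ("192.168.1.3", "198.51.100.10", 80),    # the proxy's own outbound fetch
        ("192.168.1.50", "192.168.1.1", 80),     # LAN-to-LAN, e.g. router web UI
    ]
    for src, dst, dport in samples:
        print(f"{src} -> {dst}:{dport}: {prerouting(src, dst, dport)}")
```

The model covers only the nat PREROUTING decisions; the POSTROUTING SNAT and FORWARD rules apply afterwards to whatever destination was chosen here.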