# IP Tables Configuration Issue

## GeoAB

We are currently using the rule below to route network traffic from port 80 to port 8080 as a proxy server...

```
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080
```

Currently we have an issue where this proxy server cannot get to a specific host on the network (10.1.1.1), but from the network (172.16.16.0) in front of this proxy server we can. Without the NAT rule above in place, it just forwards the traffic and works without an issue, so to get round this we were thinking of putting in another rule which excludes anything going to 10.1.1.1 from 172.16.16.0, so that it can bypass our NAT rule above.

Anybody have any ideas on what rule we can use to do this?

----------

## Anon-E-moose

"man iptables"

You can filter by source and destination, including "!" negation.

Look for the -s (source) and -d (destination) options.

----------

## thegeezer

Your rule says: for everything going to port 80, redirect to 8080.

This includes itself.

Adjust it to be:

```
# iptables -t nat -A PREROUTING -i eth0 -m tcp ....
```

where eth0 is your LAN.

----------

## GeoAB

Thanks for your suggestions...

We managed to get it working using the following:

```
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 89.207.48.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -d 172.20.15.10 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 172.29.255.254:8080
```

----------
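To see why the position of a bypass rule decides whether it works, here is an added Python model of first-match evaluation in the nat PREROUTING chain (not code from the thread). It walks GeoAB's original REDIRECT, the single-rule `! -d` form Anon-E-moose's answer points at, an explicit RETURN bypass, and the final ACCEPT/DNAT set from the last post. The interface name eth0, the /24 mask on 172.16.16.0 and the client addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    target: str                  # ACCEPT / RETURN / REDIRECT / DNAT
    to: str = ""                 # --to-port (REDIRECT) or --to host:port (DNAT)
    in_iface: str = None         # -i
    dport: int = None            # -p tcp --dport
    src: str = None              # -s (host or CIDR)
    dst: str = None              # -d (host or CIDR)
    dst_negate: bool = False     # "! -d"

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def matches(rule, pkt):
    """Every option set on the rule must agree with the packet; '! -d' inverts the -d test."""
    if rule.in_iface and pkt["iface"] != rule.in_iface:
        return False
    if rule.dport is not None and pkt["dport"] != rule.dport:
        return False
    if rule.src and not in_net(pkt["src"], rule.src):
        return False
    if rule.dst and in_net(pkt["dst"], rule.dst) == rule.dst_negate:
        return False
    return True

def nat_prerouting(chain, pkt):
    """Top-down walk; the first matching rule decides. Returns (new_dst, new_dport)."""
    for r in chain:
        if not matches(r, pkt):
            continue
        if r.target in ("ACCEPT", "RETURN"):   # no translation; RETURN hits the ACCEPT policy
            return pkt["dst"], pkt["dport"]
        if r.target == "REDIRECT":             # 'self' = the box's address on the ingress iface
            return "self", int(r.to)
        if r.target == "DNAT":
            host, port = r.to.rsplit(":", 1)
            return host, int(port)
    return pkt["dst"], pkt["dport"]

# Constructed chains and packet; eth0, the /24 mask and the client address are assumptions.
ORIGINAL = [Rule("REDIRECT", "8080", dport=80)]
NEGATED = [Rule("REDIRECT", "8080", in_iface="eth0", dport=80, dst="10.1.1.1", dst_negate=True)]
BYPASS = [Rule("RETURN", in_iface="eth0", dport=80, src="172.16.16.0/24", dst="10.1.1.1"),
          Rule("REDIRECT", "8080", in_iface="eth0", dport=80)]
FINAL = [Rule("ACCEPT", in_iface="eth1", dport=80, dst="89.207.48.0/24"),   # the thread's answer
         Rule("ACCEPT", in_iface="eth1", dport=80, dst="172.20.15.10"),
         Rule("DNAT", "172.29.255.254:8080", in_iface="eth1", dport=80)]
TO_HOST = {"iface": "eth0", "src": "172.16.16.5", "dst": "10.1.1.1", "dport": 80}
```

Reversing BYPASS (`BYPASS[::-1]`) puts the RETURN after the REDIRECT, and the packet to 10.1.1.1 is redirected anyway: the exclusion must come first.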

