Recently I had to set up some iptables-based redirection on a DD-WRT powered router. I didn't find any useful information on Google, so this is how I did it.
First of all, the redirection applies to all packets going from every host on the internal network to port 80 on the internet. Here is the script that I used for this redirection:
#!/bin/sh
PROXY_IP=[IP]
PROXY_PORT=[PORT]
# Router LAN address and network, read from nvram so the script needs no edits after reconfiguration
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
# Send LAN clients' port-80 traffic (except traffic aimed at the router itself) to the proxy
# (newer iptables releases write the negation as "! -d $LAN_IP" instead of "-d ! $LAN_IP")
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d ! $LAN_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
# Rewrite the source of packets coming back from the proxy into the LAN
iptables -t nat -A POSTROUTING -o br0 -s $PROXY_IP -p tcp -d $LAN_NET -j SNAT --to $PROXY_IP
# Let the redirected packets through the FORWARD chain
iptables -A FORWARD -i vlan1 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
To use this script, just change [IP] to the IP address to which the traffic will be redirected and [PORT] to the port to which it will be redirected. Then go to Administration/Commands, paste the script (with the proxy IP and port changed, of course) and click Save Firewall. After that everything should work.
This script redirects all requests to port 80 to our PROXY_IP and PROXY_PORT.
LAN_IP is the router's internal interface address and LAN_NET is the network configured on that interface, so there is no need to edit this script if you change the router's configuration.
Of course you can change the port that is redirected to the proxy: just change the destination port (given by --dport 80) to 443 if you want to redirect all HTTPS traffic, so the line that redirects all HTTPS requests to the proxy server looks like this:
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d ! $LAN_IP -p tcp --dport 443 -j DNAT --to $PROXY_IP:$PROXY_PORT
To explain a bit more: the first line (the first one beginning with "iptables") redirects all traffic on the given port to the proxy server, the second one makes sure packets coming back from the proxy server know where to go (to the internal hosts), and the last one permits those packets through the firewall.
If you need more info, please let me know: leave a comment and I will reply ASAP.
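The same three-rule idea, written up as an added example (this is my code, not the post's script) that handles several intercepted ports at once, skips the proxy host itself so its own outbound traffic is not bounced back to it in a loop, uses the current "! -d" negation syntax, and checks with "iptables -C" before appending so the script can be re-run without stacking duplicate rules. It assumes, as the post does, that br0 is the LAN bridge and the proxy sits on the LAN; the proxy address and port in the usage line are made-up sample values.

```shell
#!/bin/sh
# Added example, not the script from the post: builds DD-WRT redirect rules for
# a transparent proxy on the LAN. Assumed: br0 is the LAN bridge (as in the post);
# LAN_IP/LAN_NETMASK are passed in the form "nvram get" returns them.

# Print rule specs as "<table> <chain> <match ...> -j <target>", one per line,
# in the order they must be appended.
redirect_rules() {
    lan_ip=$1 lan_mask=$2 proxy_ip=$3 proxy_port=$4
    shift 4
    lan_net="$lan_ip/$lan_mask"
    # The proxy's own traffic leaves PREROUTING untouched (must precede the DNATs),
    # otherwise its upstream connections on the intercepted port loop back to it.
    echo "nat PREROUTING -i br0 -s $proxy_ip -j RETURN"
    for dport in "$@"; do
        # Intercept LAN clients, except connections aimed at the router itself.
        echo "nat PREROUTING -i br0 -s $lan_net ! -d $lan_ip -p tcp --dport $dport -j DNAT --to-destination $proxy_ip:$proxy_port"
    done
    # Hairpin: the proxy sees the router as the client, so its replies return
    # through the router, where conntrack reverses the DNAT. Side effect: the
    # proxy's logs show the router's address, not the real client.
    echo "nat POSTROUTING -o br0 -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j SNAT --to-source $lan_ip"
    # After DNAT the packet is routed back out br0, so it passes FORWARD br0 -> br0.
    echo "filter FORWARD -i br0 -o br0 -s $lan_net -d $proxy_ip -p tcp --dport $proxy_port -j ACCEPT"
}

# Apply the specs idempotently. IPTABLES can be overridden (e.g. for a dry run).
apply_redirect_rules() {
    ipt=${IPTABLES:-iptables}
    redirect_rules "$@" | while read -r table chain spec; do
        # $spec is deliberately unquoted so it word-splits into separate arguments.
        $ipt -t "$table" -C "$chain" $spec 2>/dev/null || $ipt -t "$table" -A "$chain" $spec
    done
}

# On the router (nvram values as in the post; proxy 192.168.1.50:3128 is a sample value):
# apply_redirect_rules "$(nvram get lan_ipaddr)" "$(nvram get lan_netmask)" 192.168.1.50 3128 80 443
```

Intercepting port 443 this way only makes sense if the proxy itself terminates TLS with a certificate the clients trust; otherwise the browsers will see certificate errors or failed connections.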