F-SECURE INTERNET GATEKEEPER FOR LINUX 4.01 Administrator's Manual page 111

2 Change the access destination of the client to FSIGK:9110 by changing iptables on Internet
Gatekeeper.
• Configuring the web console:
From the web console, select "HTTP", "SMTP", "POP", or "FTP" from the "Proxy settings" menu.
Select
Edit NAT (iptables) redirect settings
On the "Edit NATA (iptables) redirect settings" page, check that NAT redirect is enabled for
each service. Click Save. Store the settings with the following command:
/etc/rc.d/init.d/iptables save
• Configuring with the iptables command:
Run the following commands to make sure that iptables is operating normally and unneeded
ipchains are not working:
FSIGK# /etc/rc.d/init.d/ipchains stop
FSIGK# chkconfig ipchains off
FSIGK# /etc/rc.d/init.d/iptables restart
Next, run the following commands to redirect the server access to each service (http(80),
smtp(25), pop(110), ftp(21)) to 9080, 9025, 9110, 9021 of FSIGK:
FSIGK# iptables -t nat -A PREROUTING ¥
-p tcp --dport 80 -j REDIRECT --to-port 9080
FSIGK# iptables -t nat -A PREROUTING ¥
-p tcp --dport 25 -j REDIRECT --to-port 9025
FSIGK# iptables -t nat -A PREROUTING ¥
-p tcp --dport 110 -j REDIRECT --to-port 9110
FSIGK# iptables -t nat -A PREROUTING ¥
-p tcp --dport 21 -j REDIRECT --to-port 9021
Save the settings by running the following command:
FSIGK# /etc/rc.d/init.d/iptables save
Note! See your Linux distribution documentation for information on how to store
and modify iptables.
After setting the iptables, check that Internet Gatekeeper that uses the converted port
(FSIGK:9080, FSIGK:9025, FSIGK:9110, FSIGK:9021) can be accessed when a client accesses
the pre-converted service (FSIGK:80, FSIGK:25, FSIGK:110, FSIGK:21).
F-Secure Internet Gatekeeper for Linux/Administrator's Guide
You can change the iptable settings also by running the following command:
/opt/f-secure/fsigk/misc/rc.transparent
in "Transparent proxy".
111