iptable for single nic
rob0 at gmx.co.uk
Mon Jul 25 23:54:27 CEST 2005
john decot wrote:
> Sorry, it was a mistake in this mail. I have used redirect rules with
> --to-ports 3128 as
> iptables -A PREROUTING -t nat -p tcp -m tcp -i eth0 -s $lan_network_ip
> -d 0/0 -j REDIRECT --to-ports 3128
Where's the "--dport 80"? I have yet to see one which is perfect. Looks
like you're going to redirect all TCP traffic from $lan_network_ip to squid.
> But it seems not to be working again. Is anything wrong with my transparent
> proxy configuration???
Offhand I'd guess so, but since I don't know your whole rule set I
cannot say for sure. Post your iptables-save(8) output to the list.
Also, look at "iptables -vt nat -nL" and note the packet counters.
iptables rules are evaluated in order. If an earlier rule matches these
packets, this rule you added won't be hit.
> any help..
Troubleshoot it yourself before you post again. Try
"telnet netfilter.org 80" from one of the clients and watch your squid
logs and check the iptables packet counters. Every attempt to go out on
port 80 should increment the counter by one, and should be logged in squid.
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
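
The checks suggested in the reply above (a missing "--dport 80", rule order, packet counters), as an added example that is not part of the original post: a shell function that reads "iptables-save -c" output and reports each nat REDIRECT rule with its packet count, whether it has a port match, and how many terminating rules precede it in its chain. The function names and the sample ruleset (192.168.1.0/24 standing in for $lan_network_ip) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit nat REDIRECT rules.
# Real use, as root:  iptables-save -c | audit_redirects

# Constructed sample; 192.168.1.0/24 stands in for $lan_network_ip.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [120:7200]
[57:3420] -A PREROUTING -s 192.168.1.0/24 -i eth0 -j ACCEPT
[0:0] -A PREROUTING -s 192.168.1.0/24 -i eth0 -p tcp -m tcp -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# Prints one line per REDIRECT rule in the nat table:
#   CHAIN#position pkts=N dport=yes|no earlier_terminating=K
audit_redirects() {
awk '
/^\*/ { table = substr($0, 2); next }   # table header such as *nat
table != "nat" { next }
{
    pkts = "?"; rule = $0
    # Strip the [packets:bytes] prefix that iptables-save -c adds.
    if (match(rule, /^\[[0-9]+:[0-9]+\] /)) {
        pkts = substr(rule, 2, index(rule, ":") - 2)
        rule = substr(rule, RLENGTH + 1)
    }
    n = split(rule, f, " ")
    if (f[1] != "-A") next               # skip chain policies and COMMIT
    chain = f[2]; pos[chain]++
    target = ""; dport = "no"
    for (i = 3; i <= n; i++) {
        if (f[i] == "-j") target = f[i + 1]
        if (f[i] == "--dport" || f[i] == "--dports") dport = "yes"
    }
    if (target == "REDIRECT")
        printf "%s#%d pkts=%s dport=%s earlier_terminating=%d\n",
               chain, pos[chain], pkts, dport, term[chain]
    # Count targets that stop evaluation of this chain for a matching packet.
    if (target ~ /^(ACCEPT|DNAT|SNAT|MASQUERADE|REDIRECT|RETURN|DROP)$/)
        term[chain]++
}'
}

sample_ruleset | audit_redirects
```

A rule reported with pkts=0 and earlier_terminating above zero is the situation the reply describes: an earlier rule is matching the packets first.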