Transparent proxying iptables help needed
Vikram Goyal
vikigoyal at gmail.com
Wed Apr 12 15:25:53 UTC 2006
Hello,
I am trying to port forward all requests to web through squid at port
3128. I have a DSL connection and my box has a static IP of 192.168.1.101
on FC5 and a caching name server on localhost.
I have added these rules to ipchain but even after applying them the
requests go straight to without logging anything in /var/log/messages.
-----------------------------------------------------------------------
The rules are:
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A PREROUTING -p tcp --dport 80 -j LOG --log-prefix NPR-from-80-to-3128
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
COMMIT
-----------------------------------------------------------------------
The output of iptables-save after applying these rules is:
[root@fc5host iptables]# iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr 12 20:50:39 2006
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j LOG --log-prefix "NPR-from-80-to-3128"
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
# Completed on Wed Apr 12 20:50:39 2006
-----------------------------------------------------------------------
Well! Nothing's happening. The requests do not get redirected to squid
and nothing is logged.
Can someone clear this up for me?
Thanks!
--
vikram...
--
QOTD:
"East is east... and let's keep it that way."
--
Registered Linux User #285795
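
Added example, not part of the original post: a simplified Python model of which nat chain a new TCP connection traverses, run over the posted rules and over a constructed OUTPUT-chain variant. It assumes the browser runs on the same host as Squid; the function names, the LOCAL ruleset and the user name "vikram" are constructed for illustration.

```python
import shlex

# Rules as posted (from the iptables-save output above; LOG rule omitted).
POSTED = """\
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
"""
# Constructed variant (assumption, not from the post): exempt Squid's own
# fetches first, then redirect every other local port-80 connection.
LOCAL = """\
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

def parse(ruleset):
    """Turn '-A CHAIN opt val ...' lines into (chain, {opt: val}) pairs.
    Assumes every option takes exactly one value, as in the rules above."""
    rules = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-A"]:
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules

def nat_verdict(ruleset, dport, local_uid=None):
    """Verdict of the nat table for a new TCP connection (simplified model).

    local_uid=None -> packet arrived from another host: PREROUTING applies.
    local_uid=name -> packet created by a local process: OUTPUT applies,
                      PREROUTING is never traversed.
    """
    chain = "PREROUTING" if local_uid is None else "OUTPUT"
    for rule_chain, o in parse(ruleset):
        if rule_chain != chain or o.get("--dport") != str(dport):
            continue
        if "--uid-owner" in o and o["--uid-owner"] != local_uid:
            continue  # owner match only hits the named local user
        if o["-j"] == "REDIRECT":
            return "REDIRECT:" + o["--to-ports"]
        if o["-j"] == "ACCEPT":
            return "ACCEPT"
    return "ACCEPT"  # built-in chain policy in both rulesets

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("local", LOCAL)):
        for uid in (None, "vikram", "squid"):  # "vikram" is a constructed user
            print(name, uid, nat_verdict(rs, 80, uid))
```

Squid itself must also be configured to accept intercepted requests for a redirect of this kind to be served.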