Re: [squid-users] Transparent Proxy iptables rules - Help needed

From: Henrik Nordstrom <[email protected]>
Date: Wed, 28 Apr 2004 09:50:56 +0200 (CEST)

On Tue, 27 Apr 2004, Roy Walker wrote:

> If I take the -o off, the rule works fine. However, I only want traffic
> from eth0 and destined out eth1 to be proxied except when it is destined
> for the network specified by the -d. Anyone have any idea what is not
> right with that?

You can't use -o in PREROUTING. The information is simply not known by the
kernel at that time. You must match on destination IPs. If you have some
traffic you do not want to intercept then add ACCEPT rules in the nat
table before your interception rule.

You can only intercept traffic at PREROUTING, as the kernel needs to know
where to route the traffic and interception changes the destination to the
local server instead of the requested server.

Regards
Henrik
Received on Wed Apr 28 2004 - 01:50:59 MDT
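
The rule ordering described in the reply above, as an added example that is not part of the original message: exemptions are matched on destination with ACCEPT in the nat table, and the interception rule comes last. The interface eth0 is taken from the thread; port 3128 (Squid's default), the 192.0.2.0/24 exempt network and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). It only prints the rules;
# review the output, then pipe it to "sh" as root to apply.

# Reject PREROUTING rules that match on the output interface: routing has not
# happened yet at that hook, so iptables refuses -o / --out-interface there.
check_prerouting_rule() {
    case " $* " in
        *" -o "*|*" --out-interface "*)
            echo "error: -o is not valid in PREROUTING; match on -d instead" >&2
            return 1 ;;
    esac
    return 0
}

# usage: nat_intercept_rules IN_IF PROXY_PORT [EXEMPT_NET ...]
nat_intercept_rules() {
    in_if=$1
    proxy_port=$2
    shift 2
    # 1. Exemptions first: ACCEPT in the nat table stops NAT rule processing
    #    for the connection, so it keeps its original destination.
    for net in "$@"; do
        rule="-i $in_if -p tcp --dport 80 -d $net -j ACCEPT"
        check_prerouting_rule $rule || return 1
        echo "iptables -t nat -A PREROUTING $rule"
    done
    # 2. Interception last: the remaining port-80 traffic arriving on IN_IF
    #    is redirected to the local proxy port.
    rule="-i $in_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port"
    check_prerouting_rule $rule || return 1
    echo "iptables -t nat -A PREROUTING $rule"
}

# Constructed sample values: eth0 is the client-side interface from the
# thread; 3128 and 192.0.2.0/24 are assumptions for illustration.
nat_intercept_rules eth0 3128 192.0.2.0/24
```

After applying, `iptables -t nat -L PREROUTING -n -v --line-numbers` shows the rule order and per-rule packet counters, which confirms that exempt destinations hit the ACCEPT rule rather than the REDIRECT.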
