dhbae@kneo.com wrote:
> /sbin/ipchains -A input -s 200.0.0.0/24 -p tcp -d 200.0.0.1 80 -j REDIRECT 8080
>
> I am running squid on port 8080 in machine 200.0.0.1
The above rule only redirects connections which have a destination
IP of 200.0.0.1. Quite likely the opposite of what you want there.
I would recommend
/sbin/ipchains -A input -s 200.0.0.0/24 -p tcp -d 200.0.0.1 -j ACCEPT
/sbin/ipchains -A input -s 200.0.0.0/24 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8080
Also I find it easier and probably more secure to build input/output
rules based on the interface rather than source IP addresses. Source
IPs can easily be spoofed, and tend to change when the organization
grows.
--
Henrik Nordstrom
Squid Hacker

To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Mon Aug 28 2000 - 02:10:15 MDT
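Added example, not part of the original post: a small Python model of first-match chain evaluation that compares the rule from the question, a source-address rule pair, and an interface-based pair. The interface names (eth0 external, eth1 LAN), the sample packets and the POLICY fall-through marker are assumptions constructed for illustration, and all packets are taken to be TCP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                    # "ACCEPT" or "REDIRECT"
    src: Optional[str] = None      # -s network (None = any)
    dst: Optional[str] = None      # -d network (None = any)
    dport: Optional[int] = None    # destination port (None = any)
    iface: Optional[str] = None    # -i interface (None = any)
    to_port: Optional[int] = None  # local port for REDIRECT

@dataclass
class Packet:
    iface: str
    src: str
    dst: str
    dport: int

def _in(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(chain, pkt):
    """Return the verdict of the first matching rule, else "POLICY"."""
    for r in chain:
        if (_in(pkt.src, r.src) and _in(pkt.dst, r.dst)
                and r.dport in (None, pkt.dport)
                and r.iface in (None, pkt.iface)):
            return f"REDIRECT:{r.to_port}" if r.target == "REDIRECT" else r.target
    return "POLICY"  # no rule matched; the chain policy would decide

LAN = "200.0.0.0/24"
# Rule from the question: only matches traffic addressed to the proxy itself.
ORIGINAL = [Rule("REDIRECT", src=LAN, dst="200.0.0.1", dport=80, to_port=8080)]
# Source-address pair: ACCEPT traffic to the proxy first, then redirect port 80.
BY_SOURCE = [Rule("ACCEPT", src=LAN, dst="200.0.0.1"),
             Rule("REDIRECT", src=LAN, dport=80, to_port=8080)]
# Same pair keyed on the LAN interface (eth1 is an assumed name).
BY_IFACE = [Rule("ACCEPT", iface="eth1", dst="200.0.0.1"),
            Rule("REDIRECT", iface="eth1", dport=80, to_port=8080)]

# Constructed sample packets.
WEB = Packet("eth1", "200.0.0.5", "198.51.100.10", 80)      # LAN client browsing
DIRECT = Packet("eth1", "200.0.0.5", "200.0.0.1", 8080)     # client using proxy directly
SPOOFED = Packet("eth0", "200.0.0.5", "198.51.100.10", 80)  # LAN source seen on external side

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("by source", BY_SOURCE), ("by interface", BY_IFACE)):
        print(name, [evaluate(chain, p) for p in (WEB, DIRECT, SPOOFED)])
```

The spoofed packet matches the source-address rules but falls through the interface-based ones, which is the difference the reply points to.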