On Monday 17 November 2003 2:50 pm, trainier@kalsec.com wrote:
> Here is the output:
>
> [root@kalproxy logs]# iptables -t nat -L -n -v
> Chain PREROUTING (policy ACCEPT 49710 packets, 8766K bytes)
> pkts bytes target prot opt in out source destination
> 1 52 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:80 redir ports 8000
> 1 52 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp
> dpt:21 redir ports 21
The first rule will (re)direct any packets coming in on eth1, which were
going to some server on TCP port 80, to TCP port 8000 on the netfilter
machine (presumably this is the port that Squid is listening on).
The second rule I find a bit dubious - are you really running an ftp proxy on
the machine (perhaps frox?), or are you hoping that Squid is going to
transparently proxy ftp for you as well as http? (If you are, you will be
disappointed - squid isn't an ftp proxy - well, certainly not in transparent
mode, anyway).
Aside from that, I trust you have some appropriate FORWARDing rules to allow
the rest of the (non-proxied) traffic through your firewall? If not, then
this is where the problem lies, and since (a) it's much more of a netfilter
question than a squid question, and (b) we're both on the netfilter list as
well, I suggest we transfer the discussion over there if you need any more
help with getting non-http traffic through the machine.
-- Ramdisk is not an installation procedure. Please reply to the list; please don't CC me.Received on Mon Nov 17 2003 - 08:57:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:21 MST