--- Amos Jeffries <squid3@treenet.co.nz> wrote:
> > #### USER 1
> > $IPT -A PREROUTING -t nat -i $LAN -s $USER1 -m mac --mac-source $MAC_USER1 -j ACCEPT
> > $IPT -t nat -A PREROUTING -i $LAN -s $USER1 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > $IPT -A PREROUTING -t nat -i $LAN -s ! $USER1 -m mac --mac-source $MAC_USER1 -j DROP
> >
>
> Well, that's broken.
> To see what it's doing go:
> iptables -t nat -L PREROUTING -v
> I expect the REDIRECT counters are all '0'.
> Because anything that comes in from user1 gets accepted before the
> REDIRECT. I think line 2 and 1 should be reversed.
>
Thanks Amos, it works :-)
You're right: using the old rule, when I look with the command
iptables -t nat -L PREROUTING -v, the REDIRECT counters are '0'.
Now I have moved 2 into 1 and 1 into 2, and the REDIRECT counter is not '0'.
Once again, thanks for your help :)
>
> see note above on iptables rules.
> Second, do you have arp-relay enabled on your network or are the clients
> directly connected?
> Without arp-relay squid will only see the MAC address of the
> router/bridging device that connects to the squid box. Your IP and MAC
> rules may be redundant.
>
> Amos
I'm not using arp-relay. May I know what arp-relay is,
and must I use it with my proxy?
One more question: is it possible to write a rule like this?
$IPT -t nat -A PREROUTING -i $LAN -s $USER2 -m mac --mac-source $MAC_USER2 -p tcp --dport 80 -j REDIRECT --to-ports 3128
Last question: how do I reply to email on the squid users
mailing list? When I click reply, the email address is not
squid-users@squid-cache.org, but the user's.
Thanks
Received on Fri Jan 25 2008 - 23:13:14 MST
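
The counter check discussed in this message, as an added example that is not part of the original thread: it reads a `iptables -t nat -L PREROUTING -v -n` listing and reports each REDIRECT rule with a zero packet counter that sits below an ACCEPT rule for the same interface and source. The helper name, the `eth1` interface, the addresses and both sample listings are constructed assumptions, and `-n` is added to the command only to get numeric addresses.

```shell
#!/bin/sh
# Added example (not from the thread). find_shadowed_redirects is a
# hypothetical helper; it reads `iptables -t nat -L PREROUTING -v -n` output
# on stdin and prints the source of every REDIRECT rule that has a zero
# packet counter and follows an ACCEPT rule for the same interface + source.
find_shadowed_redirects() {
    awk '
        $1 == "Chain" || $1 == "pkts" || NF < 9 { next }  # headers, blanks
        {
            target = $3; proto = $4
            key = $6 SUBSEP $8            # in-interface + source address
            if (target == "ACCEPT" && proto == "all")
                accepted[key] = 1         # ACCEPT ends PREROUTING traversal
            else if (target == "REDIRECT" && $1 == "0" && (key in accepted))
                print $8                  # rule sits behind that ACCEPT
        }'
}

# Constructed listing for the original order: ACCEPT first, REDIRECT second.
sample_broken() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1523 packets, 118K bytes)
 pkts bytes target     prot opt in     out     source               destination
  412 24720 ACCEPT     all  --  eth1   *       192.0.2.10           0.0.0.0/0           MAC 00:00:5E:00:53:01
    0     0 REDIRECT   tcp  --  eth1   *       192.0.2.10           0.0.0.0/0           tcp dpt:80 redir ports 3128
    0     0 DROP       all  --  eth1   *      !192.0.2.10           0.0.0.0/0           MAC 00:00:5E:00:53:01
EOF
}

# Constructed listing after swapping rules 1 and 2: REDIRECT is reached.
sample_fixed() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1523 packets, 118K bytes)
 pkts bytes target     prot opt in     out     source               destination
   97  5820 REDIRECT   tcp  --  eth1   *       192.0.2.10           0.0.0.0/0           tcp dpt:80 redir ports 3128
  315 18900 ACCEPT     all  --  eth1   *       192.0.2.10           0.0.0.0/0           MAC 00:00:5E:00:53:01
    0     0 DROP       all  --  eth1   *      !192.0.2.10           0.0.0.0/0           MAC 00:00:5E:00:53:01
EOF
}

sample_broken | find_shadowed_redirects   # prints 192.0.2.10
```

On the gateway itself, pipe the live listing into the function instead of a sample. A hit means port-80 traffic from that source is accepted directly and never handed to the proxy port.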
This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST