On Tue, Jul 01, 2003 at 02:00:00AM -0400, Alistair Tonner wrote:
> On June 30, 2003 04:07 pm, Michael wrote:
>
> >
> > That's Squid looking up my domain. (Why twice? I don't know.) The OUTPUT
> > chain in the nat table is
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt in out source destination
> > DNAT tcp -- * * 0.0.0.0/0 1.2.3.5 multiport dports 80,443 to:192.168.0.8
> > DNAT tcp -- * * 0.0.0.0/0 1.2.3.6 multiport dports 80,443 to:192.168.0.9
> >
> >
>
> Please read this page
>
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-3.html
>
> Why are you DNATting in OUTPUT?

Good catch. I guess he's doing this because squid is bound to the public
IPs. However, this is not necessary and for older iptables versions
there was a problem with natting in the OUTPUT chain...

Ramin

> --
>
> Alistair Tonner
> nerdnet.ca
> Senior Systems Analyst - RSS
>
> Any sufficiently advanced technology will have the appearance of magic.
> Let's get magical!