Excuse the duplicate post --- I've got butterfingers today ... hit send by accident...

On December 16, 2003 03:08 pm, Jason Cook wrote:
> Ok. I would like to run just the proxy and caching end
><<<SNIPPAGE>>>>
> > > For iptables I used
> > > iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
> > >
> > > I then try to browse the internet from a client
> > > through the firewall and nothing.
> > >
> > > When I run iptables -t nat -nv -L
> > >
> > > Chain PREROUTING (policy ACCEPT 31254 packets, 3971K bytes)
> > >  pkts bytes target     prot opt in     out     source               destination
> > >     0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128
> > >
> > > PREROUTING is accepting packets...but none are
> > > processed by the redirect rule.

Indeed PREROUTING is now routing the packet to the new port.

Is INPUT accepting the packet on the new port?
Is OUTPUT allowing squid to go get the pages?
Is INPUT accepting the replies to squid's requests?

Antony's suggested LOG rules below will indeed help ... but you might want to tag each of those LOG rules with a different --log-prefix so you can more clearly mark where the logging is happening.

> > I assume that eth1 is your internal LAN interface,
> > so that's where the packets
> > will be coming from. Can you try adding some LOG
> > rules so we can see where
> > the packets are really going?
> >
> > iptables -I PREROUTING -t nat -p tcp --dport 80 -j LOG
> > iptables -I INPUT -p tcp --dport 80 -j LOG
> > iptables -I FORWARD -p tcp --dport 80 -j LOG
> >
> > Antony.
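
The following is an added example, not part of either poster's message: it prints LOG rules with a distinct --log-prefix for each question raised above and tallies the prefixes found in kernel log text. The SQ-* prefixes, the function names and the sample log lines are assumptions made for illustration; the INPUT rule matches port 3128 because REDIRECT rewrites the destination port before the packet reaches INPUT.

```shell
#!/bin/sh
# Added example. Prefixes (SQ-*), function names and the sample log are assumptions.

# Print (do not apply) one LOG rule per hook, each with its own prefix.
# After REDIRECT the packet reaches INPUT with dport 3128, not 80.
log_rules() {
    lan_if=${1:-eth1}; proxy_port=${2:-3128}
    cat <<EOF
iptables -t nat -I PREROUTING -i $lan_if -p tcp --dport 80 -j LOG --log-prefix "SQ-PRE: "
iptables -I INPUT -i $lan_if -p tcp --dport $proxy_port -j LOG --log-prefix "SQ-IN: "
iptables -I OUTPUT -p tcp --dport 80 -j LOG --log-prefix "SQ-OUT: "
iptables -I INPUT -p tcp --sport 80 -j LOG --log-prefix "SQ-REPLY: "
iptables -I FORWARD -i $lan_if -p tcp --dport 80 -j LOG --log-prefix "SQ-FWD: "
EOF
}

# Read kernel log text on stdin, print "PREFIX count" for every prefix.
tally() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SQ-[A-Z]+:$/) n[$i]++
    }
    END {
        split("SQ-PRE: SQ-IN: SQ-OUT: SQ-REPLY: SQ-FWD:", order, " ")
        for (k = 1; k <= 5; k++) printf "%s %d\n", order[k], n[order[k]]
    }'
}

# First stage on the proxy path with no hits. SQ-FWD is skipped: it stays
# silent when the redirect works, and hits there mean packets were routed on.
first_silent() {
    tally | awk '$1 != "SQ-FWD:" && $2 == 0 { print $1; exit }'
}

# Constructed sample: client SYNs are redirected and reach INPUT, but squid
# never sends a request out.
sample_log() {
    cat <<'EOF'
Dec 16 15:10:01 fw kernel: SQ-PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=1034 DPT=80 SYN
Dec 16 15:10:01 fw kernel: SQ-IN: IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=1034 DPT=3128 SYN
Dec 16 15:10:04 fw kernel: SQ-PRE: IN=eth1 OUT= SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=1034 DPT=80 SYN
Dec 16 15:10:04 fw kernel: SQ-IN: IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=1034 DPT=3128 SYN
EOF
}

sample_log | first_silent
```

Remove the LOG rules with the matching `-D` commands once the silent stage is found, since they log every matching packet.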