Hi all,

I have the current setup as follows: a Linux box running PCQLinux 2004 (based on Fedora Core 1... check out the site pcquest.com, it's a great distribution) with 2 NICs: eth1 connected to the internet and eth0 to the local network.

I run squid on the same box that runs the firewall (iptables). I have turned on transparent proxying with the following rules:

    iptables -t nat -A PREROUTING -i $LAN_IFACE -p tcp -j REDIRECT --to-port 3128
    iptables -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

The rule works fine... But I also use the firewall box as a workstation and allow access from it to the internet via the OUTPUT chain. The rules being (where LAN_IP=192.168.2.1 and INET_IP = static IP given by ISP):

    iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
    iptables -A OUTPUT -p ALL -s $INET_IP -j ACCEPT

What I want now is all net access from this (firewall) box to go through the squid server (i.e. port 3128). So I add a rule above the OUTPUT rules that says

    iptables -t nat -A OUTPUT -o $INET_IFACE -p tcp -j REDIRECT --to-port 3128

but it doesn't work. Can anybody help me?

Thanks all,
Sameer
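
Added example, not part of the original post: the posted nat OUTPUT rule also matches Squid's own outbound connections, since Squid runs on the same box, so those are sent back to port 3128 as well. The script below prints the posted rule beside a narrowed pair and models which packets each one redirects; the `squid` account name, the port-80 restriction and the sample packet owners are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. PROXY_USER and the port-80
# restriction are assumptions; eth1 and 3128 come from the post.
INET_IFACE="${INET_IFACE:-eth1}"
PROXY_USER="${PROXY_USER:-squid}"
PROXY_PORT="${PROXY_PORT:-3128}"

# The rule as posted: every locally generated TCP packet leaving
# INET_IFACE is redirected, including Squid's own upstream requests.
posted_rules() {
    echo "iptables -t nat -A OUTPUT -o $INET_IFACE -p tcp -j REDIRECT --to-port $PROXY_PORT"
}

# Narrowed rules: exempt the proxy's own traffic first, then redirect
# only local HTTP to Squid.
narrowed_rules() {
    echo "iptables -t nat -A OUTPUT -o $INET_IFACE -p tcp -m owner --uid-owner $PROXY_USER -j RETURN"
    echo "iptables -t nat -A OUTPUT -o $INET_IFACE -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
}

# Simplified first-match model of the nat OUTPUT chain for a TCP packet
# leaving INET_IFACE. Usage: verdict <posted|narrowed> <owner> <dport>
# Prints REDIRECT (sent to Squid) or DIRECT (left untouched).
verdict() {
    case "$1" in
        posted) echo REDIRECT ;;
        narrowed)
            if [ "$2" = "$PROXY_USER" ]; then echo DIRECT
            elif [ "$3" = 80 ]; then echo REDIRECT
            else echo DIRECT; fi ;;
    esac
}

# Constructed sample packets: "owner dport".
for pkt in "$PROXY_USER 80" "localuser 80" "localuser 22"; do
    set -- $pkt
    echo "owner=$1 dport=$2 posted=$(verdict posted "$1" "$2") narrowed=$(verdict narrowed "$1" "$2")"
done
```

The functions only print commands; whether the nat OUTPUT chain and the owner match are available depends on how the kernel's netfilter was built.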