On Mon, Jul 19, 2004 at 10:56:54AM +0100, Antony Stone wrote:
> On Monday 19 July 2004 10:44 am, Joshua N Pritikin wrote:
> > I am trying to do Squid + Netfilter + BROWSER on the same machine.
>
> Oh, right - I hadn't appreciated that part before. I thought you just meant
> transparent proxying to a proxy on the gateway instead of to a proxy
> somewhere else.
>
> In that case you either need to DNAT your OUTPUT packets, as per your previous
> posting,

This solution seems to work (below). I wonder if this should be added to
the various FAQs? ;-)

#!/bin/sh

iptables -t nat -F  # clear table

# normal transparent proxy
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 8080

# handle connections on the same box (192.168.0.2 is a loopback instance)
gid=`id -g proxy`
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --gid-owner $gid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:8080

-- 
A new cognitive theory of emotion, http://openheartlogic.org
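Added example, not part of the original message: the script above only works because the owner-match ACCEPT for the proxy's group sits ahead of the DNAT rule in the nat OUTPUT chain; in the other order the proxy's own outbound requests are sent back to itself. The check below audits `iptables-save` text for that ordering. The function name `check_nat_output`, the gid 13 and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Constructed iptables-save samples (assumption: group "proxy" has gid 13).
SAMPLE_GOOD='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --gid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:8080
COMMIT'

# Same rules, but the DNAT was appended before the proxy exemption.
SAMPLE_BAD='*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --gid-owner 13 -j ACCEPT
COMMIT'

# check_nat_output GID  (hypothetical helper; iptables-save text on stdin)
# exit 0: proxy gid is exempted before the first port-80 DNAT in nat/OUTPUT
# exit 1: a port-80 DNAT is reached first, so the proxy would loop to itself
# exit 2: no port-80 DNAT in nat/OUTPUT, local traffic is not redirected
check_nat_output() {
    awk -v gid="$1" '
        $1 == "*nat"   { in_nat = 1; next }
        $1 == "COMMIT" { in_nat = 0; next }
        !in_nat || $1 != "-A" || $2 != "OUTPUT" { next }
        {
            port80 = 0; owner = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i+1) == "80") port80 = 1
                if ($i == "--gid-owner" && $(i+1) == gid) owner = 1
                if ($i == "-j") target = $(i+1)
            }
            if (!port80) next
            # Only rules seen before the first DNAT can exempt the proxy.
            if (target == "ACCEPT" && owner && !dnat_seen) exempt = 1
            if (target == "DNAT" && !owner && !dnat_seen) { dnat_seen = 1; ok = exempt }
        }
        END { if (!dnat_seen) exit 2; exit (ok ? 0 : 1) }
    '
}

printf '%s\n' "$SAMPLE_GOOD" | check_nat_output 13 && echo "good sample: proxy exempt before DNAT"
printf '%s\n' "$SAMPLE_BAD"  | check_nat_output 13 || echo "bad sample: DNAT precedes exemption"
```

On a live host the input would come from `iptables-save -t nat` and the gid from `id -g proxy`, as in the script above.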