> > As I know, REDIRECT target redirects to the same iface, but on another port.
>
> Nope.
> REDIRECT target redirects to lo interface, on the port you want.

hmmm...i'm not so sure i agree with that. my belief is that REDIRECT redirects to the IP address of the receiving interface of the netfilter machine on the specified port. i do transparent proxying w/ REDIRECT and squid, and i see all the redirected connections on the IP of the internal interface, not on lo or 127.0.0.1.

i actually just recently learned here that packets arriving on lo that don't have a source and dest of 127.0.0.1 get dropped by the linux kernel's "martian" code (thanks for pointing that out to me)--so i don't see how a redirect of this nature could work.

-j
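
One way to check on a transparent-proxy box which local address a REDIRECTed connection actually arrives on, as an added example that is not part of the original message. It assumes Linux with connection tracking loaded; the listening port 3128 and all function names are assumptions made for the example.

```python
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; the socket module has no name for it

def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    (family,) = struct.unpack_from("=H", raw, 0)  # sin_family: host byte order
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address")
    (port,) = struct.unpack_from("!H", raw, 2)    # sin_port: network byte order
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Pre-NAT destination recorded by conntrack, or None if the lookup fails."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        return None
    return parse_sockaddr_in(raw)

def landing(local, original):
    """Classify where a connection was delivered, given two (ip, port) pairs."""
    if original is None or original == local:
        return "not redirected"
    if ipaddress.ip_address(local[0]).is_loopback:
        return "redirected to loopback"
    return "redirected to interface address"

def serve(port=3128, count=5):
    """Accept `count` connections and report where each one landed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen()
        for _ in range(count):
            conn, peer = srv.accept()
            with conn:
                local = conn.getsockname()   # address the kernel delivered to
                orig = original_dst(conn)    # address the client was aiming at
                print(peer, "->", local, "orig", orig, ":", landing(local, orig))

if __name__ == "__main__":
    serve()
```

Run it on the netfilter machine with a REDIRECT rule pointing at the chosen port and compare the `getsockname()` address in each line with the interface addresses and with 127.0.0.1.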