Hello all,

I've been using iptables without problems for a long time, but finally faced one when I tried a new thing. I'm using Linux 2.4.20.

What I want to be able to do is to have a rule in the NAT table PREROUTING chain for a transparent proxy at a 'tun' interface, instead of the usual physical (ethx) one, like the following:

    iptables -t nat -A PREROUTING -i tun255 -p tcp -m tcp \
        --dport 80 -j REDIRECT --to-ports 3128

I confirmed that packets are coming in from tun255 to the system. Another rule I set up at the mangle PREROUTING chain (-t mangle -A PREROUTING -i tun255 ...) for debugging tells me that packets come visit the mangle table (the rule's packet/byte counts increase).

The problem is, packets never come into the nat table. The packet/byte count stays zero (-t nat -L PREROUTING -v -x).

For debugging, if I do something like this at the mangle table, traffic is blocked:

    iptables -t mangle -A PREROUTING -i tun255 -j DROP

but the same rule at the nat table never affects the traffic:

    iptables -t nat -A PREROUTING -i tun255 -j DROP

The transparent proxy rule at the ethx interface works with no problem, so the proxy itself works fine.

I tried the same thing with a tap device as well, but it doesn't work either.

Is this a limitation of iptables, that the nat table works only with physical devices, or am I missing something?

Any clue or suggestion would be appreciated.

Thanks in advance.

Jinsuk Kim