Re: Differentiating direct, and redirected access?

Hello all,

I'm running Squid on port 3128 as a transparent proxy.

There are requests coming directly to port 3128 and
those coming to port 80 and then redirected to 3128 by
the following rule:

-t nat -A PREROUTING -i eth0 -p tcp -m tcp \
  --dport 80 -j REDIRECT --to-ports 3128

What I want is to block direct requests to 3128, allowing
only redirected access (transparent proxy). How do I do it?

If I just set up a rule in filter chain like:

-t filter -A INPUT -i eth0 -p tcp -m tcp \
  --dport 3128 -j DROP

the requests redirected from port 80 to 3128 are also
blocked by this rule. It seems that the redirected packets
come into this chain once again with the new port number.

How can I differentiate these two different kinds of
request? Any clue will be greatly appreciated.

Jinsuk Kim


-t nat -A PREROUTING -i eth0 -d ! $INT_ROUTER_IP -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A INPUT -i eth0 -d $INT_ROUTER_IP -p tcp --dport 3128 -j REJECT


TCP SYNs have the external IP as dst_ip.

--
wbr, Logechnik Alexandr

In God we trust, but something else must have X.509 certificate
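Another way to tell the two kinds of connection apart, given as an added example that is neither the original poster's rules nor Alexandr's: REDIRECT is a form of DNAT, so a connection that reached 3128 through the nat PREROUTING rule carries the conntrack state DNAT in the filter INPUT chain, while a connection opened directly to 3128 does not. The script takes the interface and ports from the thread (eth0, 80, 3128), assumes the conntrack match is available on the firewall, and only prints the rule set unless it is called with `apply`.

```shell
#!/bin/sh
# Added example for this thread, not code from either poster.
# Assumptions (not from the thread): the LAN interface is eth0, Squid
# listens on 3128, and the kernel provides the conntrack match so that
# "--ctstate DNAT" can be used in the filter table.

IFACE="${IFACE:-eth0}"
PROXY_PORT="${PROXY_PORT:-3128}"

# nat rule: send port-80 traffic arriving on the LAN interface to the proxy.
redirect_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports %s\n' \
        "$IFACE" "$PROXY_PORT"
}

# filter rules, in this order: first accept packets to the proxy port whose
# connection was DNATed (that is, redirected from port 80), then drop every
# other packet aimed at the proxy port (direct connections to 3128).
filter_rules() {
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -m conntrack --ctstate DNAT -j ACCEPT\n' \
        "$IFACE" "$PROXY_PORT"
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -j DROP\n' \
        "$IFACE" "$PROXY_PORT"
}

# Print the rule set (default) or run it when called with "apply".
main() {
    if [ "${1:-}" = "apply" ]; then
        redirect_rule | sh -e
        filter_rules | sh -e
    else
        redirect_rule
        filter_rules
    fi
}

main "$@"
```

After applying the rules, `iptables -L INPUT -v -n` shows per-rule packet counters: a client whose port-80 traffic is being redirected increments the ACCEPT line, while a client that points its browser straight at 3128 increments the DROP line, which makes it easy to confirm the split is working before trusting it.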


