On Tue, 2005-03-01 at 17:03, joe z wrote:
> this script runs everything fine just the redirect doesn't. the proxy works
> fine when browser pointed at it.
>
> /sbin/depmod -a
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_REDIRECT
>
> iptables -F
> iptables -t mangle -F
> iptables -t nat -F
> iptables -X
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port
> 8080

first--when you look at the output of:

iptables -t nat -vnxL

do you see the packet count incrementing on that rule--if so, good.

second--the proxy *is* running on port 8080, right? k--moving on...

third--the proxy *is* configured for transparent operation, right? for
example, if the proxy in question is squid:

http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s4

as an aside--it would be better form to specify only packets arriving on
the inside interface in your REDIRECT rule; i.e, "-i $INSIDE_IF"

> ifdown eth1
> ifdown eth0
> ifup eth0
> ifup eth1
> ifconfig eth1 192.168.11.8 netmask 255.255.255.0
> ifconfig eth0 192.168.11.10 netmask 255.255.255.0

um... err... never mind... wait--i'll bite...this machine *is* forcibly
in the path between all web browsers and the Internet, right?

<--snip-->

-j

--
"Ooh, they used nylon rope this time. It feels smooth against my skin,
almost sensuous."
--The Simpsons
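
The first check in the reply above (is the packet counter on the REDIRECT rule incrementing?) and the aside about limiting the rule to the inside interface can be scripted. This is an added example, not part of the original message: the function names `redirect_rule` and `check_redirect` are hypothetical, and the two listings are constructed samples that assume the column layout of `iptables -t nat -vnxL PREROUTING`.

```shell
#!/bin/sh
# Added example. The listings below are constructed samples in the column
# layout of `iptables -t nat -vnxL PREROUTING` (-x prints exact counters).
SAMPLE_T0='Chain PREROUTING (policy ACCEPT 310 packets, 20114 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080'
SAMPLE_T1='Chain PREROUTING (policy ACCEPT 355 packets, 23002 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      19     1140 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080'

# redirect_rule DPORT TOPORT: read a listing on stdin and print
# "<pkts> <in-interface>" for the first REDIRECT rule that matches dpt:DPORT
# and redirects to TOPORT. Returns 1 when no such rule is listed.
redirect_rule() {
    awk -v dpt="dpt:$1" -v to="$2" '
        $3 == "REDIRECT" {
            d = 0; p = 0
            for (i = 10; i <= NF; i++) {
                if ($i == dpt) d = 1
                if ($i == "ports" && $(i + 1) == to) p = 1
            }
            if (d && p) { print $1, $6; found = 1; exit }
        }
        END { exit !found }
    '
}

# check_redirect BEFORE AFTER DPORT TOPORT: compare two listings taken while a
# client browses. Prints "missing", "idle" or "hit"; appends "any-interface"
# when the rule is not limited to one inbound interface with -i.
check_redirect() {
    before=$(printf '%s\n' "$1" | redirect_rule "$3" "$4") || { echo missing; return 0; }
    after=$(printf '%s\n' "$2" | redirect_rule "$3" "$4") || { echo missing; return 0; }
    b=${before%% *}; a=${after%% *}; iface=${after#* }
    if [ "$a" -gt "$b" ]; then state=hit; else state=idle; fi
    if [ "$iface" = "*" ]; then state="$state any-interface"; fi
    echo "$state"
}

check_redirect "$SAMPLE_T0" "$SAMPLE_T1" 80 8080
```

On a live box, pass two captures of `iptables -t nat -vnxL PREROUTING` taken a few seconds apart in place of the samples. An "idle" result with clients browsing means port-80 traffic is not traversing PREROUTING on this machine.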