Re: On vanilla Fedora 3, can't do a transparent proxy (-j REDIRECT)

On Mon, May 02, 2005 at 03:04:20PM -0400, John G. Norman wrote:
> tcp        0      0 :::8080                     :::*                        LIST

k--so the cheap -n- easy stab was that nothing was listening on TCP port
8080.

here's how i would go about checking this...first--use the REDIRECT
method, as it's the "normal" way to do transparent proxying.  next:

even though your firewall is wide-open, create a rule like:

  iptables -A INPUT -i $INSIDE_IF -p tcp --dport 8080 -j ACCEPT

with the REDIRECT rule and the ACCEPT rule in place, generate some HTTP
traffic from a client behind the firewall.

using "iptables -t nat -vnxL" is the REDIRECT rule getting hits?

if not--HTTP traffic is never making it to this gateway.

using "iptables -vnxL" is the ACCEPT rule getting hits?

if not--there's something wrong with your REDIRECT rule (most likely the
inbound interface).  if it is--packets should be making it to the squid
proxy--is squid set up for transparent proxying?

HTH...

-j

--
"Brian: Whose leg do I have to hump to get a dry martini around here?"
        --Family Guy
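
The counter checks described in the message above, as an added example that is not part of the original post: a script that reads the two `iptables -vnxL` listings and reports which branch of the check applies. It assumes the REDIRECT rule sends port 80 to local port 8080 on eth1; `hits` and `diagnose` are hypothetical helper names and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: automates the two counter checks from the message.
# Assumptions: the REDIRECT rule sends port 80 to local port 8080 and the
# inside interface is eth1; hits() and diagnose() are hypothetical helpers.

# hits TARGET MATCH: read `iptables -vnxL` output on stdin and sum the pkts
# column of every rule with that target whose line contains MATCH.
hits() {
    awk -v t="$1" -v m="$2" \
        '$3 == t && index($0, m) { n += $1 } END { print n + 0 }'
}

# diagnose NAT_LISTING FILTER_LISTING: apply the message's decision tree.
# nat-table counters only count the first packet of each connection, so a
# small non-zero REDIRECT count is still a hit.
diagnose() {
    redirect=$(printf '%s\n' "$1" | hits REDIRECT "redir ports 8080")
    accept=$(printf '%s\n' "$2" | hits ACCEPT "dpt:8080")
    if [ "$redirect" -eq 0 ]; then
        echo "no-http-at-gateway"      # HTTP traffic never reaches this box
    elif [ "$accept" -eq 0 ]; then
        echo "check-redirect-rule"     # most likely the inbound interface
    else
        echo "check-squid"             # packets reach 8080; look at squid
    fi
}

# Constructed sample listings (not captured from a real host).
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       7      420 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080'
FILTER_SAMPLE='Chain INPUT (policy ACCEPT 340 packets, 28211 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080'

# On a live gateway (as root):
#   diagnose "$(iptables -t nat -vnxL)" "$(iptables -vnxL)"
diagnose "$NAT_SAMPLE" "$FILTER_SAMPLE"
```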

