And the prerouting chain at the nat table is not valid for locally generated
packets. The output chain is for that.

But in all cases, I think Jason is right.

On Monday 02 May 2005 18:01, Jason Opperisano wrote:
> On Mon, May 02, 2005 at 04:55:00PM -0400, John G. Norman wrote:
> > Here's a transcript:
> >
> > [root@preview ~]# /sbin/iptables -t filter -F
> > [root@preview ~]# /sbin/iptables -t mangle -F
> > [root@preview ~]# /sbin/iptables -t nat -F
> > [root@preview ~]# cat /proc/sys/net/ipv4/ip_forward
> > 1
> > [root@preview ~]# /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp
> > --dport 80 80 -j REDIRECT --to-port 80
> > [root@preview ~]# wget http://localhost >/dev/null
>
> your problem is your testing methodology. do not try and test
> transparent proxying from the proxy machine itself--it's not a valid
> test of what you really want; which is transparent proxying of client
> requests made from machines behind the proxy.
>
> start testing from behind the firewall/proxy and see if you still have
> problems.
>
> -j
>
> --
> "Stewie: It rubs the lotion on its skin or else it gets the hose again."
> --Family Guy

--
André "Ramoni" (Cabelo)
Networks / Linux
No Windows
Databras Informatica
Tel: (21) 2518-2363
Fax: (21) 2263-6830
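
The chain distinction discussed in this thread, as an added example that is not part of the original messages: one rule per traffic origin, plus a counter check that shows which nat chain actually saw a test request. PROXY_PORT (3128), PROXY_UID (proxy) and the function names are assumptions made for the illustration; eth0 comes from the transcript.

```shell
#!/bin/sh
# Added example, not from the thread. PROXY_PORT and PROXY_UID are assumed values.
LAN_IF="${LAN_IF:-eth0}"            # interface used in the transcript
PROXY_PORT="${PROXY_PORT:-3128}"    # assumed port the local proxy listens on
PROXY_UID="${PROXY_UID:-proxy}"     # assumed account the proxy runs as

# Requests from clients behind the box enter on LAN_IF and traverse nat PREROUTING.
client_rule() {
    echo "-t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT"
}

# Requests generated on the box itself traverse nat OUTPUT, never PREROUTING.
# The owner match skips the proxy's own upstream fetches so they are not
# redirected back into the proxy.
local_rule() {
    echo "-t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $PROXY_UID -j REDIRECT --to-port $PROXY_PORT"
}

# Sum the packet counters of REDIRECT rules in the output of
# `iptables -t nat -L CHAIN -v -n -x`, read from stdin.
# A total of 0 after a test request means that chain never saw the packet.
redirect_hits() {
    awk '$3 == "REDIRECT" { n += $1 } END { print n + 0 }'
}

# Print the commands by default; run them only when APPLY=1 (needs root).
install_rules() {
    for rule in "$(client_rule)" "$(local_rule)"; do
        if [ "${APPLY:-0}" = 1 ]; then
            /sbin/iptables $rule    # unquoted on purpose: split into arguments
        else
            echo "/sbin/iptables $rule"
        fi
    done
}

# Constructed listing: nat PREROUTING counters after a request made on the box itself.
SAMPLE_PREROUTING='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128'

install_rules
echo "PREROUTING REDIRECT hits: $(printf '%s\n' "$SAMPLE_PREROUTING" | redirect_hits)"
```

On a live system, pipe `/sbin/iptables -t nat -L PREROUTING -v -n -x` (or the same for OUTPUT) into `redirect_hits` before and after the test request and compare the totals.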