Hello , first of all sorry for poor english.
Have some trouble with transparent proxing
Configuration is simple:
------------ ----------
|CLIENT| ---- eth/vlans ---- | GATE|
------------ ----------
transparent proxy
------------------test1---------------------
GATE:/#iptables -t nat -I PREROUTING -p TCP -s `CLIENT` \
--destination-port 80 -i vlan8 -j REDIRECT --to-ports 3128
CLIENT:/# telnet www.netfilter.org 80
Trying 213.95.27.115...
telnet: connect to address 213.95.27.115: Connection refused
(thats the problem ;))
GATE:/# tcpdump -n -i vlan8 -f "net `CLIENT`"
tcpdump: listening on vlan8
11:43:28.336226 `CLIENT`.38842 > 213.95.27.115.80: S 1057989664:1057989664(0)
win 5840 <mss 1412,sackOK,timestamp 1881955228 0,nop,wscale 2> (DF) [tos
0x10]
GATE:/# iptables -t nat -n -L -v
Chain PREROUTING (policy ACCEPT 32M packets, 1991M bytes)
pkts bytes target prot opt in out source
destination
1 60 REDIRECT tcp -- vlan8 * `CLIENT` 0.0.0.0/0
tcp dpt:80 redir ports 3128
nothing appear in squid´s access.log
----------------test2------------------------
After some rerouting to reach the gate through eth0
GATE:/#iptables -t nat -I PREROUTING -p TCP -s `CLIENT` \
--destination-port 80 -i eth0 -j REDIRECT --to-ports 3128
and all works fine.
---------------------------------------------
Is there any differents for netfilter if catching traffic on eth or vlan
interface ?
P.S.
Don´t have MTU problems with vlans.
Tried to flush all tables before testing.
Squid is configured properly.
--
Best Regards,
Martin Vassilev
