Thanks for replying. I have solved my problem by prerouting traffic on port 80 to 3128, and after that I used NAT rules. It works now. Thanks to all.

/dev/rob0 <rob0@xxxxxxxxx> wrote:
john decot wrote:
> Sorry, it was a mistake in this mail. I have used redirect rules with
> --to-ports 3128 as
>
> iptables -A PREROUTING -t nat -p tcp -m tcp -i eth0 -s $lan_network_ip
> -d 0/0 -j REDIRECT --to-ports 3128

Where's the "--dport 80"? I have yet to see one which is perfect. Looks
like you're going to redirect all TCP traffic from $lan_network_ip to
squid.

> But it seems not to be working again. Is anything wrong with my transparent
> proxy configuration???

Offhand I'd guess so, but since I don't know your whole rule set I
cannot say for sure. Post your iptables-save(8) output to the list.
Also, look at "iptables -vt nat -nL" and note the packet counters.

iptables rules are evaluated in order. If an earlier rule matches these
packets, this rule you added won't be hit.

> Any help..

Troubleshoot it yourself before you post again. Try "telnet
netfilter.org 80" from one of the clients and watch your squid logs and
check the iptables packet counters. Every attempt to go out on port 80
should increment the counter by one, and should be logged in squid.
-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
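The two checks suggested in the reply above (a REDIRECT rule with no "--dport 80", and a packet counter that never increments because an earlier rule matched first), as an added example that is not part of the original thread: a shell function that reads `iptables-save -c` output and flags REDIRECT rules in the nat PREROUTING chain. The function names, the 192.168.1.0/24 network and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit `iptables-save -c` text on stdin.
# Prints one line per REDIRECT rule in nat/PREROUTING:
#   <position in chain> <packet counter> <verdict> <rule>
audit_redirects() {
    awk '
    /^\*/ { table = substr($0, 2); pos = 0; next }  # "*nat" opens a table section
    table != "nat" { next }
    {
        line = $0; pkts = "-"
        # With -c every rule is prefixed by "[packets:bytes] ".
        if (match(line, /^\[[0-9]+:[0-9]+\] /)) {
            split(substr(line, 2, RLENGTH - 3), ctr, ":")
            pkts = ctr[1]
            line = substr(line, RLENGTH + 1)
        }
    }
    line !~ /^-A PREROUTING / { next }
    {
        pos++                                   # rules are evaluated in this order
        if (line !~ / -j REDIRECT( |$)/) next
        if (line !~ / --dports? /) verdict = "NO_DPORT"   # catches every TCP port
        else if (pkts == "0")      verdict = "NEVER_HIT"  # shadowed, or no traffic yet
        else                       verdict = "OK"
        print pos, pkts, verdict, line
    }'
}

# Constructed sample dump: the LAN 192.168.1.0/24 and all counters are made up.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[9:540] -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [120:7200]
[37:2220] -A PREROUTING -s 192.168.1.0/24 -i eth0 -p tcp -m tcp -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

sample_dump | audit_redirects
```

On a live gateway the same function can be fed with `iptables-save -c | audit_redirects` as root.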