> Hi,
>
> I am having a problem with the nat table configuration. I am using
> 2.6.8.1 kernel in a router and also added a http filter proxy which
> uses port 8080.
>
> Internet ------------ ROUTER(http filter proxy) --------- linux PC.
>                       lan ip: 192.168.1.1          192.168.1.2
>
> I have found that if there is an established connection between the
> linux PC and the webserver before I start the proxy and add the
> iptables nat rules, which can be checked using netstat, the outgoing
> http packet will not be passed to the proxy, and it seems to go out
> directly.

I would say that's why the connection is *established*. Once it's established, it will not be doing anything else until the connection is closed.

> If I leave it untouched (no http activity), and some time later that
> connection is gone, the outgoing http packet will be passed to the
> proxy again.
>
> Anyone know how to solve this problem?

Kicking an open door:

- start the proxy before your iptables rules.
- Unless I'm missing something, you are using a proxy for internet access. In that case you probably don't want to allow http(s) forwarding, so: do not use such rules, or restrict them to hosts that should not use the proxy.

Gr,
Rob
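An added example (not from either poster) of the rule set Rob's two points describe: redirect new port-80 connections from the LAN to the proxy on 8080, exempt the hosts that should not use it, and reject direct http forwarding for everyone else. The LAN interface name (eth1), the bypass host addresses and the DRY_RUN switch are assumptions of this example, not values from the thread.

```shell
#!/bin/sh
# Added example, not the original poster's configuration.
# Assumed values (override via environment): LAN_IF, PROXY_PORT, BYPASS_HOSTS.
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-8080}"
BYPASS_HOSTS="${BYPASS_HOSTS:-192.168.1.10 192.168.1.11}"   # constructed sample hosts
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Print or execute an iptables command depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Emit the rules in the order they must be loaded. Start the proxy on
# $PROXY_PORT *before* calling this, as the reply says: NAT is decided on
# the first packet of a connection, so anything already tracked as
# ESTABLISHED when these rules appear keeps going out directly.
apply_proxy_rules() {
    # 1. Hosts that are allowed to bypass the proxy: skip the NAT rule and
    #    let their http traffic be forwarded as-is.
    for h in $BYPASS_HOSTS; do
        ipt -t nat -A PREROUTING -i "$LAN_IF" -s "$h" -p tcp --dport 80 -j RETURN
        ipt -A FORWARD -i "$LAN_IF" -s "$h" -p tcp --dport 80 -j ACCEPT
    done
    # 2. Everyone else: new port-80 connections are redirected to the local
    #    proxy. REDIRECT rewrites the destination to the router itself.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
    # 3. No direct http forwarding for proxied hosts; a TCP reset makes the
    #    failure visible to the client instead of a silent timeout.
    ipt -A FORWARD -i "$LAN_IF" -p tcp --dport 80 -j REJECT --reject-with tcp-reset
}

# Number of rules the function emits (bypass hosts x 2, plus REDIRECT and REJECT).
rule_count() {
    apply_proxy_rules | wc -l | tr -d ' '
}
```

Run with DRY_RUN=1 (the default) to review the generated commands; set DRY_RUN=0 only on the router, as root, after the proxy is listening.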