2.6.16-rcX: Existing iptables rules not working

Hi all,

I have a set of iptables rules that have stopped working between 2.6.15 and 
2.6.16-rc[1-4]:

iptables -t nat -A OUTPUT -d 127.0.0.1 -p tcp -m tcp \
         --dport http -j ACCEPT
iptables -t nat -A OUTPUT -d 192.168.0.0/255.255.255.0 -p tcp -m tcp \
         --dport http -j ACCEPT
iptables -t nat -A OUTPUT -d 192.168.1.0/255.255.255.0 -p tcp -m tcp \
         --dport http -j ACCEPT
iptables -t nat -A OUTPUT -m owner -p tcp --gid-owner proxy -m tcp \
         --dport http -j ACCEPT
iptables -t nat -A OUTPUT -p tcp -m tcp \
         --dport http -j REDIRECT --to-ports 3128

The intent is that only the 'proxy' group on the local machine can talk HTTP 
directly to sites outside the named networks, and that connections from all 
other users should be transparently redirected to the squid process at port 
3128 (owned by 'proxy').

These rules have worked nicely for several kernel versions, but not in the 
latest -rc series.  I receive no error messages in the logfiles or when 
executing the iptables commands above, but the redirected connections just 
hang.

I'll be happy to provide any further information that might help diagnose 
the problem, or to find an alternate solution.

Thanks in advance,

-Steve
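To make the policy these five rules encode explicit, here is an added example (not from the post) that models the nat OUTPUT chain above as a first-match evaluator; the rule set is transcribed from the post, while the packet fields and the non-proxy group name are constructed.

```python
import ipaddress

# Constructed model of the nat OUTPUT chain from the post (first match wins).
# Each rule is (destination network or None, --gid-owner or None, target).
# Every rule in the post also matches "-p tcp --dport http" (port 80).
RULES = [
    (ipaddress.ip_network("127.0.0.1/32"), None, "ACCEPT"),
    (ipaddress.ip_network("192.168.0.0/24"), None, "ACCEPT"),
    (ipaddress.ip_network("192.168.1.0/24"), None, "ACCEPT"),
    (None, "proxy", "ACCEPT"),        # squid's own egress is not redirected
    (None, None, "REDIRECT:3128"),    # everyone else goes to the local squid
]


def verdict(dst, gid, proto="tcp", dport=80):
    """Return the chain's verdict for a locally generated packet.

    dst   - destination IP address as a string
    gid   - group owning the originating socket (what -m owner --gid-owner
            compares against)
    Packets that are not TCP to port 80 match no rule and fall through to
    the built-in chain policy, which is ACCEPT for nat OUTPUT.
    """
    if proto != "tcp" or dport != 80:
        return "POLICY:ACCEPT"
    addr = ipaddress.ip_address(dst)
    for net, owner, target in RULES:
        if net is not None and addr not in net:
            continue
        if owner is not None and gid != owner:
            continue
        return target
    return "POLICY:ACCEPT"


def policy_table(groups, destinations):
    """Tabulate the verdict for every (group, destination) pair; handy for
    checking the intended split between direct and proxied traffic."""
    return {(g, d): verdict(d, g) for g in groups for d in destinations}
```

Note that rule 4 is what keeps squid's own outbound HTTP (running as group 'proxy') from being redirected back into squid; without it every proxied request would loop.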

