On Monday 05 June 2006 at 10:40 +0200, Sietse van Zanen wrote:

Thank you for taking the time to look at my problem!

> I think the error is in your first two rules for the PREROUTING chain
> in the NAT table:

...

> All WEB traffic will only hit the first rule and never the second.

I have traces of many attempts in my rule file - I never used those two
rules together so it's not the problem

> I think you should try something like this.
> Have apache proxy listen on localhost (127.0.0.1) port 8081
> Iptables -t NAT -A PREROUTING -p tcp -i eth0(internal nic) -m
> multiport
> --dports http,https,squid,svn,http-alt,webcache -j REDIRECT --to
> 127.0.0.1:8081

If I use REDIRECT the to is interpreted like --to-port and I see the LAN
system hammer the gateway 127 port :(

If I use

-A PREROUTING -i eth1 -p tcp -m multiport --dports http,https,squid,svn,http-alt,webcache -j REDIRECT --to-port 8081

the requests are redirected to port 8081 of the lan interface IP
(192.168.1.1, I can live with that) but the result is abysmal: apache
logs "GET / HTTP/1.1" requests instead of
"GET http://www.slashdot.org/ HTTP/1.1" requests so all sites are served
as if the browser asked for the local root (empty) and the browser only
receives blank pages

Regards,

-- 
Nicolas Mailhot
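
Added example, not part of the original message or of Apache's code: it shows the two request-line forms contrasted above and how an intercepting proxy can rebuild the target URL from the Host header when a redirected client sends "GET /". The function names and both sample requests are constructed for illustration, and plain HTTP is assumed.

```python
# Added illustration; the sample requests are constructed, not captured traffic.
from urllib.parse import urlsplit

def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def target_form(target: str) -> str:
    """Classify the request-target sent by the client."""
    if target.startswith("/"):
        return "origin-form"      # client believes it talks to the origin server
    if urlsplit(target).scheme in ("http", "https"):
        return "absolute-form"    # client was explicitly configured to use a proxy
    return "other"                # e.g. "*" or a CONNECT authority

def effective_url(raw: bytes, scheme: str = "http") -> str:
    """Rebuild the URL a proxy has to fetch, whichever form arrived."""
    _method, target, headers = parse_request(raw)
    form = target_form(target)
    if form == "absolute-form":
        return target
    if form == "origin-form":
        host = headers.get("host")
        if not host:
            raise ValueError("origin-form request without Host: target unknown")
        return f"{scheme}://{host}{target}"
    raise ValueError(f"unsupported request-target: {target!r}")

# Constructed samples: browser configured with a proxy vs. intercepted by REDIRECT.
CONFIGURED = b"GET http://www.slashdot.org/ HTTP/1.1\r\nHost: www.slashdot.org\r\n\r\n"
INTERCEPTED = b"GET / HTTP/1.1\r\nHost: www.slashdot.org\r\n\r\n"

if __name__ == "__main__":
    for raw in (CONFIGURED, INTERCEPTED):
        _, target, _ = parse_request(raw)
        print(target_form(target), "->", effective_url(raw))
```

The Host header is client-controlled, so a proxy that routes on it should apply its access rules to the rebuilt URL rather than to the original request line.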