Re: transparent proxy with captive page - ipt_recent?

Martijn Lievaart wrote:
Martin Whinnery wrote:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -m recent --rcheck --seconds 30 -j REDIRECT --to-ports 8080
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -m recent --set -j REDIRECT --to-ports 82

So I thought the first rule wouldn't match first time around. Then the second rule would provide the proxy instructions page, and make the /proc/sys/net/ipt_recent/DEFAULT entry. This works fine.

But the first rule should match on the next request. And it doesn't seem to. And I don't understand.


I think you need to replace rcheck with update.


HTH,
M4



Thanks Martijn,

I think it's working now. I've found that conntrack keeps the first connection in TIME_WAIT for 120 seconds, and that if I try before that, rule1 misses. This will do me, so long as I keep my --seconds greater than this.

Thanks again

Mart
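
The following is an added example, not code from either poster or from netfilter: a small Python model of how the two rules in the thread choose a REDIRECT port when rule 1 uses `--rcheck` versus `--update` with `--seconds 30`. The class and function names, the client address and the timeline are constructed for illustration, and the model keeps one timestamp per source where the real module keeps several.

```python
"""Model of the recent match's --set / --rcheck / --update with --seconds."""


class RecentList:
    """One named list (the thread uses DEFAULT): source IP -> last-seen time."""

    def __init__(self):
        self.last_seen = {}

    def match(self, src, now, mode, seconds=None):
        if mode == "set":
            # --set always matches and (re)stamps the source address.
            self.last_seen[src] = now
            return True
        seen = self.last_seen.get(src)
        hit = seen is not None and (seconds is None or now - seen <= seconds)
        if hit and mode == "update":
            # --update refreshes the timestamp on a match; --rcheck never does.
            self.last_seen[src] = now
        return hit


def redirect_port(lst, src, now, check_mode, seconds=30):
    """Walk the thread's two PREROUTING rules in order; return the port."""
    if lst.match(src, now, check_mode, seconds):
        return 8080          # rule 1: source seen recently, send to the proxy
    lst.match(src, now, "set")
    return 82                # rule 2: record source, send to instructions page


def replay(check_mode, times, src="192.0.2.10"):
    """Replay new connections from one client at the given times (seconds)."""
    lst = RecentList()
    return [redirect_port(lst, src, t, check_mode) for t in times]


# Constructed timeline: one client opens a new connection at each of these times.
TIMES = [0, 10, 25, 40, 50, 65]

if __name__ == "__main__":
    for mode in ("rcheck", "update"):
        print(mode, replay(mode, TIMES))
```

With `--rcheck` the 30-second window is measured from the last `--set`, so a continuously active client is sent back to port 82 once the window lapses; with `--update` each matching connection restarts the window, and the client only returns to port 82 after being idle for longer than `--seconds`.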
