On 10.03.2010 01:23, netfilter-owner@xxxxxxxxxxxxxxx wrote:
> On Wed, 10 Mar 2010 00:44:14 +0100, "Marco Schuth" <marco@xxxxxxxxxxxxx>
> wrote:
>> Hello,
>>
>> I am using iptables on my router, and have a dedicated proxy server with
>> squid, sarg and squidguard running.
>>
>> All the clients send the request for a website to the default gw (router
>> 10.12.0.1), the router redirects (dnat)
>> the package to the proxy server ip:10.12.0.250
>> but in the logs I get the IP from the router.
>
> NAT destroys the IP addresses before they leave the machine doing NAT.
> Please read the Squid FAQ examples of how to configure policy routing ...
>
> Router:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
>
> Squid box:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
>
> Amos
> Squid Project

Hello,

I'd like to ask if, in the above examples, the ACCEPT rules need to be placed in the mangle table? Is there a specific reason, couldn't it be done in the filter table? As that would be the intended/preferred use for filtering? If so, don't the examples teach people 'bad manners'?

Best regards
Mart