On 20 November 2014 03:34, <karl@xxxxxxxx> wrote:
> I'm trying to redirect traffic to a transparent Squid proxy. The redirect
> works, but then the traffic gets dropped on the input chain of the filter
> table. I can hit the Squid port (3129) directly, so I know my accept rule
> is working for other traffic. I just can't figure out why the redirected
> traffic is being blocked.
>
> Here's the setup. My Internet gateway runs both iptables and squid, so the
> redirect is going to the same server. Eth0 is the Internet connection, eth1
> (192.168.2.254) is the internal LAN.
>
> I've set the nat rules like this:
> -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3219
> -A POSTROUTING -o eth0 -j MASQUERADE
> And the filter rules like this:
> #8 -A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> #9 -A INPUT -i eth1 -m tcp -p tcp --dport 3129 -j ACCEPT
> ...
> #36 -A INPUT -j DROP
>

Maybe your problem is 3129 != 3219.

--
Arturo Borrero González
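An added example, not part of either message in this thread: a small lint that cross-checks every nat `REDIRECT --to-ports` value against the filter INPUT chain, which sees the rewritten port because PREROUTING runs before INPUT. The function names are hypothetical, the rules elided as `...` in the quoted message are not modelled, and the default chain policy is an assumption.

```python
import shlex

# Rules from the quoted message ("#8"-style numbering and elided rules dropped).
NAT_RULES = """\
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3219
-A POSTROUTING -o eth0 -j MASQUERADE
"""
FILTER_RULES = """\
-A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -m tcp -p tcp --dport 3129 -j ACCEPT
-A INPUT -j DROP
"""
FLAGS = {"-A": "chain", "-i": "iface", "-p": "proto", "--dport": "dport",
         "-j": "target", "--to-ports": "to_ports"}

def parse_rules(text):
    """Parse '-A CHAIN ...' lines into dicts; negation ('!') is not modelled."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] != ["-A"]:
            continue
        rule = dict.fromkeys(FLAGS.values())
        for flag, value in zip(tok, tok[1:]):
            if flag in FLAGS:
                rule[FLAGS[flag]] = value
        rules.append(rule)
    return rules

def input_verdict(filter_rules, iface, port, policy="ACCEPT"):
    """First-match INPUT verdict for a new TCP packet; policy is an assumption."""
    for r in filter_rules:
        if r["chain"] != "INPUT" or r["target"] not in ("ACCEPT", "DROP", "REJECT"):
            continue
        lo, _, hi = (r["dport"] or "0:65535").partition(":")
        if (r["iface"] in (None, iface) and r["proto"] in (None, "tcp")
                and int(lo) <= port <= int(hi or lo)):
            return r["target"]
    return policy

def blocked_redirects(nat_text, filter_text):
    """List (iface, port) REDIRECT destinations that INPUT does not accept."""
    filt, out = parse_rules(filter_text), []
    for r in parse_rules(nat_text):
        if r["target"] == "REDIRECT" and r["to_ports"]:
            lo, _, hi = r["to_ports"].partition("-")
            for port in range(int(lo), int(hi or lo) + 1):
                if input_verdict(filt, r["iface"], port) != "ACCEPT":
                    out.append((r["iface"], port))
    return out
```

Calling `blocked_redirects(NAT_RULES, FILTER_RULES)` on the rules as posted reports the redirect to port 3219 on eth1 as falling through to the final DROP rule.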