On Friday 25 February 2005 1:38 am, Ronny wrote:
> Jesse Guardiani wrote:
>
> >Henrik Nordstrom wrote:
> >
> >>On Thu, 24 Feb 2005, Jesse Guardiani wrote:
> >>
> >>>I don't think it is anymore. It seems like the packets are just
> >>>disappearing after they hit my iptables rule. I tried placing OUTPUT and
> >>>POSTROUTING LOG rules around the NAT table, and their hit counters
> >>>increment if I hit the cache directly from a web browser, but if I hit it
> >>>transparently the packet just disappears after the REDIRECT to port
> >>>3128.
> >>>
> >>Try using DNAT instead of REDIRECT.
> >>
> >
> >I thought you might say that, so I tried it with DNAT earlier in the day.
> >I tried destination addresses 192.168.10.2 (my ip alias on eth0:22) and
> >192.168.1.2 (my "real" eth0 ip). Neither worked. Here's an example of the
> >latter:
> >
> ># iptables -t nat -L -v
> >Chain PREROUTING (policy ACCEPT 425 packets, 61769 bytes)
> > pkts bytes target prot opt in out source destination
> > 43 2580 DNAT tcp -- gre1 any anywhere anywhere tcp dpt:www to:192.168.1.2:3128
> >
> >Do you see anything wrong with the above?
> >
> If I may ask why www dport and not http? Suggestion and question. But it's
> a firewall thing seems http traffic is looping in the linux strange !

I'm not sure what you're asking/suggesting. I give it port 80, and it calls it www because that is what is in my /etc/services file.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net