fooler wrote:
> the simple logic and attack of nmap is that, it sends a *tcp syn* to the
> target host... if the target host replies a *tcp syn/ack*... then nmap
> will display that port is *open* otherwise nmap will assume that port is
> *filtered*... therefore, filtering thru packet filter, binding to
> localhost, whatever trick you gonna do... it will give you the same
> results from nmap...
>

OK, that's good to know. But with a "-j REJECT --reject-with tcp-reset"
nmap will show "closed", not "filtered".

> to give you an idea.. your network card is a *physical* device while your
> loopback interface (eg. localhost) is a *logical* device.. both physical
> and logical devices have an ip address if you assigned it... the principle
> of transparent proxy is that... it will hijack the tcp port 80 and
> *redirected* to a given or target ip address... if that target ip address
> is your localhost ip address (127.0.0.1) where squid bind to it
> (127.0.0.1:3128) then squid will happily receive those hijacked http
> packets...
>

Right, I think I understand. Something like this:

iptables -A PREROUTING -t nat -p TCP --dport 80 -j REDIRECT --to-port 3128 --destination 127.0.0.1

I'll try this tonight, when nobody is using the connection.

> 127.0.0.1 is not routable therefore both your internal and external
> clients don't see 127.0.0.1:3128 in your squid box...
>

Right.

Thank you for explaining these things, it's much appreciated!

//Niels
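As an added example (not from this thread), here is a small script that builds the transparent-proxy REDIRECT rule discussed above, restricted to the LAN side, and the two ways of handling the proxy port on the outside interface (DROP versus REJECT with tcp-reset, which is what makes nmap report "filtered" versus "closed"). It assumes a LAN interface eth1, a proxy port of 3128, and squid listening on that interface's address; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the thread's own commands. Assumptions: LAN interface
# eth1, proxy port 3128. IPT=echo prints rules instead of applying them.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Transparent proxy: rewrite port-80 traffic only where it arrives from the
# LAN. REDIRECT changes the destination to the primary address of the
# interface the packet came in on (eth1's address, not 127.0.0.1), so squid
# must listen on that address. A rule with "--destination 127.0.0.1" would
# match nothing useful here: LAN clients' packets are addressed to the
# remote web server, never to 127.0.0.1.
transparent_proxy_rules() {
    "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-port "$PROXY_PORT"
}

# Proxy port as seen from outside the LAN:
#   drop  -> packets silently dropped, nmap reports the port as "filtered"
#   reset -> TCP RST returned, nmap reports the port as "closed"
proxy_port_policy() {
    mode="$1"
    case "$mode" in
        drop)
            "$IPT" -A INPUT ! -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" \
                -j DROP ;;
        reset)
            "$IPT" -A INPUT ! -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" \
                -j REJECT --reject-with tcp-reset ;;
        *)
            echo "proxy_port_policy: unknown mode '$mode'" >&2
            return 1 ;;
    esac
}
```

Run it as root without IPT set to apply the rules, e.g. `transparent_proxy_rules && proxy_port_policy reset`.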