On Sun, Mar 16, 2008 at 4:18 PM, Rachmat Hidayat Al Anshar
<rachmat_hidayat_03@xxxxxxxxx> wrote:
>
> Hi Indunil :)
>
> First of all, thanks a zillion for your help before.
> I implemented your suggested rules, and
> it's working; my squid box became transparent ;-)
>
> Um, but there is another problem disturbing
> me here. Those rules work for http traffic;
> in fact, I have to redirect ftp traffic also.
> Could you do me a favor and solve this?!?! Are there
> any added rules that I have to issue for
> this ftp traffic redirection, or what?

Squid is NOT a ftp proxy. If you use OpenBSD's PF, it has rules for
a ftp proxy, since ftp-proxy runs on localhost. But in Linux, I do not
know of such a thing.

So you will have to add the iptables rules below to access ftp sites
from clients.

I assume your client network is 192.168.0.0/24 and the external ip is
1.2.3.4 (the ip that connects to the ISP router).

/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to-source 1.2.3.4

>
> I couldn't really understand these lines
> of rules:
>
> > iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

The above rule marks packets that are destined to port 80 as value 3,
but before routing. That is why it says PREROUTING.

> > ip rule add fwmark 3 table 2

Then, those packets marked as value 3 are added to a table called 2.

That's it.

-- 
Thank you
Indunil Jayasooriya
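
Added example, not part of the original post: FTP announces its data-channel address inside the port-21 control stream, which is what the ip_conntrack_ftp and ip_nat_ftp modules loaded above have to read; this script decodes those announcements and shows the PORT rewrite that SNAT to 1.2.3.4 requires. The client 192.168.0.10, the server 203.0.113.5 and the function names are assumptions, and the control-channel lines are constructed.

```shell
#!/bin/sh
# Added illustration; the control-channel lines used below are constructed.

# Decode "h1,h2,h3,h4,p1,p2" into "ip port" (port = p1*256 + p2).
decode_hostport() {
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long fields.
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Pull the data-channel endpoint out of a PORT command (active mode) or a
# 227 reply (passive mode). The conntrack helper reads the same fields so
# that the coming data connection matches --state RELATED.
ftp_data_endpoint() {
    tuple=$(printf '%s\n' "$1" | sed -n \
        -e 's/^PORT \([0-9,]*\).*$/\1/p' \
        -e 's/^227 [^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    decode_hostport "$tuple"
}

# Rebuild a PORT command with the external address in place of the private
# one, as the NAT helper must when the client sits behind SNAT.
# $1 = PORT line, $2 = external IP. The port is kept unchanged here; a real
# NAT helper may also pick a different port.
rewrite_port_for_snat() {
    ep=$(ftp_data_endpoint "$1") || return 1
    port=${ep#* }
    echo "PORT $(echo "$2" | tr . ,),$(( port / 256 )),$(( port % 256 ))"
}

# Constructed samples: an active-mode client and a passive-mode server reply.
ftp_data_endpoint 'PORT 192,168,0,10,195,80'
ftp_data_endpoint '227 Entering Passive Mode (203,0,113,5,234,96).'
rewrite_port_for_snat 'PORT 192,168,0,10,195,80' 1.2.3.4
```

Without the helpers, the FORWARD rules above admit only the port-21 control connection, and a server receiving the unmodified PORT line would be told to connect to a 192.168.0.0/24 address it cannot reach.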