The rule I use to redirect traffic from 80 to 8080 is: I must remember, this was working before 3.0 stable1 or stable2 (not using stable2), I just saw this was happening now. iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 cisne:~# iptables-save -t nat # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008 *nat :PREROUTING ACCEPT [35:1650] :POSTROUTING ACCEPT [10307:1367320] :OUTPUT ACCEPT [66427:4357431] -A PREROUTING -d 193.164.158.105/32 -j DROP -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to-destination 192.168.1.11:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.2:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to-destination 192.168.1.3:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 -A PREROUTING -p gre -j ACCEPT -A PREROUTING -p icmp -j ACCEPT -A PREROUTING -p ah -j ACCEPT -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT -A PREROUTING -p udp -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp --dport 8888 -j ACCEPT -A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT -A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to-destination 192.168.1.224:30106 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT -A PREROUTING -j DROP -A POSTROUTING -o eth1 -j MASQUERADE COMMIT # Completed on Wed Apr 2 17:12:26 2008 -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: quarta-feira, 2 de Abril de 2008 11:42 To: Jorge Bastos Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: client ip's WHat do your iptables NAT rules look like? iptables-save -t nat ons 2008-04-02 klockan 09:18 +0100 skrev Jorge Bastos: > Transparent proxy > > Squid running on: 8080 > And I forward 80 => 8080 (squid) => web > > My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that > this started to happen. > > > > > > -----Original Message----- > > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > > Sent: quarta-feira, 2 de Abril de 2008 0:12 > > To: Jorge Bastos > > Cc: squid-users@xxxxxxxxxxxxxxx > > Subject: RE: client ip's > > > > tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: > > > No, just squid himself. > > > > As a plain proxy, or playing with NAT? > > > > Regards > > Henrik >