People,
I updated to last STABLE-4 on debian, but this still happens this way.
What can I do more?

Jorge

> -----Original Message-----
> From: Jorge Bastos [mailto:mysql.jorge@xxxxxxxxxx]
> Sent: Thursday, 3 April 2008 9:56
> To: 'Amos Jeffries'
> Cc: 'Henrik Nordstrom'; squid-users@xxxxxxxxxxxxxxx
> Subject: RE: client ip's
>
> Hum, the last one's on debian.
> They were 3.0 PRE-X, but don't remember the number.
>
> > -----Original Message-----
> > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > Sent: Thursday, 3 April 2008 6:08
> > To: Jorge Bastos
> > Cc: 'Henrik Nordstrom'; squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: client ip's
> >
> > Jorge Bastos wrote:
> > > The rule I use to redirect traffic from 80 to 8080 is:
> > > I must remember, this was working before 3.0 stable1 or stable2 (not using
> > > stable2), I just saw this was happening now.
> >
> > What version did you upgrade from?
> >
> > > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
> >
> > If squid is running on this same box I would recommend the REDIRECT
> > target instead of DNAT. It's less work for the kernel.
> >
> > The other possible issue is that you have your redirection rule at the
> > start of the NAT tables. The matching rule to allow squid traffic out is
> > near the end.
> >
> > Even if you keep DNAT, they should be in this order:
> >
> > # allow squid traffic out okay.
> > iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j ACCEPT
> > # redirect all other web traffic into squid.
> > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
> >
> > > cisne:~# iptables-save -t nat
> > > # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008
> > > *nat
> > > :PREROUTING ACCEPT [35:1650]
> > > :POSTROUTING ACCEPT [10307:1367320]
> > > :OUTPUT ACCEPT [66427:4357431]
> > > -A PREROUTING -d 193.164.158.105/32 -j DROP
> > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to-destination 192.168.1.11:5900
> > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.2:5900
> > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to-destination 192.168.1.3:5900
> > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389
> > > -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
> > > -A PREROUTING -p gre -j ACCEPT
> > > -A PREROUTING -p icmp -j ACCEPT
> > > -A PREROUTING -p ah -j ACCEPT
> > > -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT
> > > -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT
> > > -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT
> > > -A PREROUTING -p udp -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT
> > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT
> > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT
> > > -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT
> > > -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp --dport 8888 -j ACCEPT
> > > -A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
> > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to-destination 192.168.1.224:30106
> > > -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> > > -A PREROUTING -j DROP
> > > -A POSTROUTING -o eth1 -j MASQUERADE
> > > COMMIT
> > > # Completed on Wed Apr 2 17:12:26 2008
> > >
> > > -----Original Message-----
> > > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
> > > Sent: Wednesday, 2 April 2008 11:42
> > > To: Jorge Bastos
> > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > Subject: RE: client ip's
> > >
> > > What do your iptables NAT rules look like?
> > >
> > > iptables-save -t nat
> > >
> > > Wed 2008-04-02 at 09:18 +0100, Jorge Bastos wrote:
> > >> Transparent proxy
> > >>
> > >> Squid running on: 8080
> > >> And I forward 80 => 8080 (squid) => web
> > >>
> > >> My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that
> > >> this started to happen.
> > >>
> > >>> -----Original Message-----
> > >>> From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
> > >>> Sent: Wednesday, 2 April 2008 0:12
> > >>> To: Jorge Bastos
> > >>> Cc: squid-users@xxxxxxxxxxxxxxx
> > >>> Subject: RE: client ip's
> > >>>
> > >>> Tue 2008-04-01 at 12:29 +0100, Jorge Bastos wrote:
> > >>>> No, just squid himself.
> > >>> As a plain proxy, or playing with NAT?
> > >>>
> > >>> Regards
> > >>> Henrik
> >
> > --
> > Please use Squid 2.6.STABLE19 or 3.0.STABLE4
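
Added example, not part of the original thread or of Squid or iptables: rules in a chain are evaluated in order, so the ordering advice in the quoted reply can be checked mechanically against `iptables-save -t nat` output. The helper name `check_nat_order` and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_nat_order is a hypothetical helper, not a Squid or iptables tool.
# Usage: iptables-save -t nat | check_nat_order PROXY_IP
# Prints: ok:<n>:<m>         exemption (PREROUTING rule n) precedes redirect (rule m)
#         redirect-first:<m> redirect at rule m has no earlier exemption for PROXY_IP
#         no-redirect        no tcp/80 DNAT or REDIRECT rule in PREROUTING
check_nat_order() {
    awk -v proxy="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
        n++                                  # position within the chain
        src = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        sub(/\/32$/, "", src)                # iptables-save writes hosts as a.b.c.d/32
        if (proto != "tcp" || dport != "80") next
        if (target == "ACCEPT" && src == proxy && !exempt) exempt = n
        if ((target == "DNAT" || target == "REDIRECT") && !redir) {
            redir = n; early = exempt        # remember whether an exemption came first
        }
    }
    END {
        if (!redir)     print "no-redirect"
        else if (early) print "ok:" early ":" redir
        else            print "redirect-first:" redir
    }'
}

# Constructed sample: rule order as in the posted dump, abridged.
sample_before() { cat <<'EOF'
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
-A PREROUTING -j DROP
COMMIT
EOF
}

# Constructed sample: the order recommended in the quoted reply.
sample_after() { cat <<'EOF'
*nat
-A PREROUTING -s 192.168.1.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -j DROP
COMMIT
EOF
}

sample_before | check_nat_order 192.168.1.1
sample_after  | check_nat_order 192.168.1.1
```

The check only covers explicit `-s PROXY_IP` exemptions on tcp port 80 in PREROUTING; it does not evaluate other chains or broader ACCEPT rules.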