On 29/08/2012 11:20 p.m., Eliezer Croitoru wrote:
On 8/29/2012 1:15 PM, Pawel Mojski wrote:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to ip.of.my.squid:8081
I have a strange error.
It means that every packet that will go to port 80 will be redirected
to the squid ip+port, and it means that the packets from squid are the same
and will be looped.
You should use "-j REDIRECT" instead of "-j DNAT".
Also, I recommend you be explicit about the interface and IPs that
will be intercepted by the proxy.
Example:
iptables -t nat -A PREROUTING -i eth1 -s 192.168.1.0/24 ! -d 192.168.10.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
Regards,
Eliezer
3.2.1 seems to have a small bug in not detecting such loops early. Older
versions caught them quickly under the same conditions.
This is being tracked in bug 3626.
Amos
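
A small lint for the two points raised in the thread (REDIRECT rather than DNAT, and an explicit interface and source on the intercept rule). It is an added example, not code from any of the posters or from the Squid project; the function name, the output format and the placeholder proxy address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example: lint nat PREROUTING rules that intercept port 80 for a proxy.
# Reads rule lines (as typed after "iptables -t nat", or as printed by
# iptables-save) on stdin and prints one "<line> <OK|WARN> [reasons]" per rule.
audit_intercept_rules() {
    awk '
    # Only PREROUTING rules matching TCP destination port 80 are of interest.
    /-A PREROUTING/ && /--dport 80( |$)/ {
        target = ""; iface = 0; src = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)   # rule target
            if ($i == "-i") iface = 1           # inbound interface given
            if ($i == "-s") src = 1             # source network given
        }
        # Ignore rules that do not rewrite the destination at all.
        if (target != "DNAT" && target != "REDIRECT") next
        why = ""
        if (target == "DNAT") why = why " uses-DNAT"
        if (!iface)           why = why " no-interface"
        if (!src)             why = why " no-source"
        printf "%d %s%s\n", NR, (why == "" ? "OK" : "WARN"), why
    }'
}

# Constructed sample rules: the first mirrors the rule from the original post
# (192.0.2.10 is a placeholder proxy address), the second the suggested form.
SAMPLE_RULES='-A PREROUTING -p tcp --dport 80 -j DNAT --to 192.0.2.10:8081
-A PREROUTING -i eth1 -s 192.168.1.0/24 ! -d 192.168.10.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081'

printf '%s\n' "$SAMPLE_RULES" | audit_intercept_rules
```

The check is purely syntactic: it does not evaluate negated matches or confirm that the source network excludes the proxy host.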