Transparent proxying iptables help needed

Vikram Goyal vikigoyal at gmail.com
Wed Apr 12 15:25:53 UTC 2006


Hello,

I am trying to port forward all requests to web through squid at port
3128. I have a DSL connection and my box has a static IP of 192.168.1.101
on FC5 and a caching name server on localhost.

I have added these rules to ipchain but even after applying them the
requests go straight to without logging anything in /var/log/messages.

-----------------------------------------------------------------------
The rules are:

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT     -p tcp --dport 80     -m owner --uid-owner squid -j ACCEPT
-A OUTPUT     -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
-A PREROUTING -p tcp --dport 80 -j LOG --log-prefix NPR-from-80-to-3128
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
COMMIT
-----------------------------------------------------------------------
The output of iptables-save after applying these rules is:

[root@fc5host iptables]# iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr 12 20:50:39 2006
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j LOG --log-prefix "NPR-from-80-to-3128"
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
# Completed on Wed Apr 12 20:50:39 2006
-----------------------------------------------------------------------

Well! Nothing's happening. The requests do not get redirected to squid
and nothing is logged.

Can someone clear this up for me?

Thanks!
-- 
vikram...
         ||||||||
         ||||||||
^^'''''^^||root||^^^'''''''^^
        // \\   ))
       //(( \\// \\
      // /\\ ||   \\
     || / )) ((    \\
-- 
QOTD:
	"East is east... and let's keep it that way."
-- 
 O
~|~
 =
Registered Linux User #285795
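
As an added example (not part of the original post): a small Python check, run over the posted iptables-save output, that reports which traffic paths a port-80 REDIRECT covers. In netfilter, packets generated on the host itself traverse the nat OUTPUT chain and never PREROUTING, so rules placed only in PREROUTING (the LOG rule included) match only traffic arriving from other hosts. The names `nat_rules`, `opt`, `audit` and the `WITH_OUTPUT` variant are made up for this illustration.

```python
import shlex

# Constructed input: the nat table as printed by iptables-save in the post.
POSTED = """*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j LOG --log-prefix "NPR-from-80-to-3128"
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
COMMIT
"""

# Assumed variant (not from the post): the same table plus a REDIRECT in
# nat OUTPUT, placed after the squid owner exemptions.
WITH_OUTPUT = POSTED.replace(
    "COMMIT", "-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128\nCOMMIT")

def nat_rules(save_text):
    """Yield (chain, tokens) for every -A rule inside the *nat table."""
    table = None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            tokens = shlex.split(line)  # keeps a quoted --log-prefix as one token
            yield tokens[1], tokens[2:]

def opt(tokens, name):
    """Return the value following option `name`, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def audit(save_text, port="80", proxy_user="squid"):
    """Report which traffic paths the redirect for `port` covers."""
    seen = {"PREROUTING": False, "OUTPUT": False, "exempt": False}
    for chain, tokens in nat_rules(save_text):
        if opt(tokens, "--dport") != port:
            continue
        target = opt(tokens, "-j")
        if target == "REDIRECT" and chain in ("PREROUTING", "OUTPUT"):
            seen[chain] = True
        elif (chain == "OUTPUT" and target == "ACCEPT" and not seen["OUTPUT"]
              and opt(tokens, "--uid-owner") == proxy_user):
            seen["exempt"] = True  # proxy's own fetches bypass the redirect
    return {"arriving_from_other_hosts": seen["PREROUTING"],
            "generated_on_this_host": seen["OUTPUT"],
            "proxy_exempt_first": seen["exempt"]}
```

For the posted table, `audit(POSTED)` reports the redirect only on the path for traffic arriving from other hosts; `proxy_exempt_first` is true only when the squid owner exemption precedes any OUTPUT redirect, which is what keeps the proxy's own fetches from looping back into it.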