Package: kernel-source-2.6.11
Version: 2.6.11-1

With <= 2.6.10, squid was working fine as a transparent proxy for
local connections, using the following NAT rules:

  -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
  -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
  -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128

With 2.6.11, this stopped working. However, now I wonder why it ever
worked in the first place. I have squid set up to allow contact by
localhost. However, when talking to the outside, the source IP will
not be 127.0.0.1. It seems like 2.6.10 and below did some magic
here, which does not work anymore... (so maybe it is actually fixed
now, but who knows...)

  09:50 < dilinger> madduck: 2.6.11 is kind of shitty in general

So... news at 11, but I thought you might like to know.

Here's how to fix it (to be placed *after* any MASQUERADE rules):

  -A POSTROUTING -o world -p tcp --dport 80 -j rewrite-source-squid
  -A rewrite-source-squid -m owner --gid-owner 13 -j ACCEPT
  -A rewrite-source-squid -p tcp -j SNAT --to-source 127.0.0.1

--
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

"how do you feel about women's rights?"
"i like either side of them."
                                                       -- groucho marx