Here is the output: [EMAIL PROTECTED] logs]# iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 49710 packets, 8766K bytes) pkts bytes target prot opt in out source destination 1 52 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8000 1 52 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 redir ports 21
Chain POSTROUTING (policy ACCEPT 103 packets, 6335 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 92 packets, 5707 bytes) pkts bytes target prot opt in out source destination Thanx for your additional info, Antony. Regards, Tim Rainier Antony Stone <[EMAIL PROTECTED]> 11/17/2003 09:09 AM To: [EMAIL PROTECTED] cc: Subject: Re: [squid-users] Transparency On Monday 17 November 2003 1:53 pm, [EMAIL PROTECTED] wrote: > I'm running Squid 2.5 STABLE4 in Transparency. > The proxy server is my gateway. > > My NAT table looks as follows: > > [EMAIL PROTECTED] logs]# iptables -t nat -L > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > REDIRECT tcp -- anywhere anywhere tcp dpt:http > redir ports 8000 > REDIRECT tcp -- anywhere anywhere tcp dpt:ftp > redir ports 21 > > Chain POSTROUTING (policy ACCEPT) > target prot opt source destination If you're going to post netfilter rules, it's better to post either the original rules which went into the table, or else the output of "iptables -t nat -L -n -v". The -n makes everything numeric so we can see what addresses are involved, and the -v shows more detail including the interfaces which the rules apply to. > Web browsing and ftping both work, at the moment. > I cannot get other internet connections to pass through the box. i.e.: > irc connections, telnet connections, etc. > > I imagine I need to be speaking with a linux person about this, but had a > couple of questions about squid and transparency mode. You could try the netfilter mailing list for a bunch of people who really know about this sort of thing. > First. I understand that squid proxies http traffic, only. Is this > correct? Yes. Squid will handle ftp requests over http, but only if the browser is configured to use the proxy. In transparent mode http is all you get. > So, all I should need are some redirects and forwards on the nat table and > the other internet stuff should work. > ie: I shouldn't need to go into my client programs (putty, mIRC, etc) and > tell them it's a proxy connection. For anything except http it isn't a proxy connection - those protocols go directly through your firewall to the Internet, nothing to do with a Squid proxy being around the place. Also, the whole point about transparent mode is that even for http, the client doesn't know there's a proxy - if it did, it wouldn't be transparent :) Antony. -- "I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. It is NOT portable , and it probably never will support anything other than AT-harddisks, as that's all I have :-(." - Excerpt from posting to comp.os.minix by Linus Torvalds, 25 Aug 1991 Please reply to the list; please don't CC me.