also sprach Raúl Alexis Betancort Santana <firstname.lastname@example.org> [2005.03.24.0948 +0100]: > Are you trying to do transparent proxy on a router/gateway with > dynamic ip on the public interface?, it's also you client's ip > dynamic? "local packets" means: packets generated on the machine running squid itself. no "clients" involved. Maybe this is clear: (nat table) -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128 This works. Problem is that the packets arriving at 3128 have the dynamic external IP as source, when they should have 127.0.0.1. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <email@example.com> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! the early bird may get the worm, but the second mouse gets the cheese in the trap.
Description: Digital signature