[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rewriting source and destination of local packets

also sprach Raúl Alexis Betancort Santana <rabs@dimension-virtual.com> [2005.03.24.0948 +0100]:
> Are you trying to do transparent proxy on a router/gateway with
> dynamic ip on the public interface?, it's also you client's ip
> dynamic?

"local packets" means: packets generated on the machine running
squid itself. no "clients" involved.

Maybe this is clear:

  (nat table)
  -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
  -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
  -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128

This works. Problem is that the packets arriving at 3128 have the
dynamic external IP as source, when they should have

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
the early bird may get the worm,
but the second mouse gets the cheese in the trap.

Attachment: signature.asc
Description: Digital signature

Reply to: