On Thu, 2005-03-24 at 11:26 +0100, martin f krafft wrote:
> Maybe this is clear:
>
> (nat table)
> -A OUTPUT -o world -p tcp --dport 80 -j redirect-local-squid
> -A redirect-local-squid -m owner --gid-owner 13 -j ACCEPT
> -A redirect-local-squid -p tcp -j REDIRECT --to-port 3128
>
> This works. Problem is that the packets arriving at 3128 have the
> dynamic external IP as source, when they should have 127.0.0.1.

Is there a problem with that? When a program under Linux tries to contact an address that's used by one of the machine's interfaces, the traffic is sent locally and never goes to that interface.

Using SNAT would probably break the HTTP client because it would send using the world IP and therefore wouldn't be listening on 127.0.0.1 for the reply from squid.