Hello netfilter users:

I ran into a little bit of trouble when updating a box from ipchains to netfilter, while porting the IP accounting rules - maybe someone has an idea how to solve this...

The box is running squid as a transparent proxy (incoming port 80 gets redirected to the local squid port for any destination address). Now, because of the redirect, the destination of the traffic is the IP of the box, not the real server's address. The forwarding chain does not come into effect because of the redirect. Any traffic is accounted as local input to squid, but I need the counts for every real destination squid forwards to.

If I do traffic accounting in the output chain (squid's request to the real destination), I will miss the things squid answered from its local cache. The only point where I can get the real destination is in the nat table chains, but they only apply on the connection opening...

Any ideas?

Thanks a lot!

--
Marcus

The finest in secure communication technologies: http://www.idnt.net
IDNT Integrated Digital Network Technologies
Perchstetten 14-16, 35428 Langgoens, Germany
Tel. +49 6403 9526 0
Fax. +49 6403 9526 503
