Removing '-t nat' from the last rule should do what you need. Only the first two really need to be in the NAT table (because they are modifying the traffic, not filtering it).
- John Brooks

On Wed, May 13, 2009 at 11:15 PM, leandro noferini <[email protected]> wrote:
> Hello everyone,
>
> in tor wiki at the address
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy#head-235f10e71909d609c46847c9f91efe8ed5168004
>
> explains the way to apply a transparent proxy for a specific user.
>
> The rules for iptables are
>
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
>
> In my debian unstable linux (kernel 2.6.29 and iptables 1.4.3.2-2 from
> package) these rules don't work anymore and this is the message from
> iptables
>
> The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
>
> Does anyone know the changes needed to make it work again?
>
>
> --
> Bye
> leandro
> I don't want to know everything, I want to understand everything
>
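
An added example, not part of the thread or the wiki: a dry-run script that prints the quoted rule set with the DROP moved to the filter table, plus a lint function that counts filtering targets left in the nat table. Assumptions made here: the two ACCEPT rules are an addition, needed because packets redirected in nat OUTPUT still pass through filter OUTPUT and match the same owner rule; the names `IPT`, `ANON_USER`, `tor_rules` and `nat_filter_count` are hypothetical.

```shell
#!/bin/sh
# Added example. Dry run by default: rules are printed, not applied.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"
ANON_USER="${ANON_USER:-anonymous}"   # user name from the quoted rules
TRANS_PORT=9040                       # TCP redirect port from the quoted rules
DNS_PORT=53                           # DNS redirect port from the quoted rules

# Emit the rule set: address rewriting in nat, filtering in filter.
tor_rules() {
    # nat table: only rewrite the destination of the user's traffic.
    $IPT -t nat -A OUTPUT -p tcp -m owner --uid-owner "$ANON_USER" \
        -m tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"
    $IPT -t nat -A OUTPUT -p udp -m owner --uid-owner "$ANON_USER" \
        -m udp --dport "$DNS_PORT" -j REDIRECT --to-ports "$DNS_PORT"
    # filter table (the default when -t is omitted). Redirected packets
    # arrive here with their new destination port, so accept them first
    # (assumption added in this example), then drop everything else
    # the user sends.
    $IPT -A OUTPUT -p tcp -m owner --uid-owner "$ANON_USER" \
        -m tcp --dport "$TRANS_PORT" -j ACCEPT
    $IPT -A OUTPUT -p udp -m owner --uid-owner "$ANON_USER" \
        -m udp --dport "$DNS_PORT" -j ACCEPT
    $IPT -A OUTPUT -m owner --uid-owner "$ANON_USER" -j DROP
}

# Lint: read iptables command lines on stdin and print how many of them
# use a filtering target (DROP or REJECT) in the nat table, which
# iptables 1.4.3.2 refuses with the message quoted in the thread.
nat_filter_count() {
    awk '/(^|[ \t])-t[ \t]+nat([ \t]|$)/ &&
         /-j[ \t]+(DROP|REJECT)([ \t]|$)/ { n++ }
         END { print n + 0 }'
}

# Stand-alone run: show the rules and lint them.
tor_rules
echo "filtering targets left in nat table: $(tor_rules | nat_filter_count)"
```

After applying, `iptables -t nat -L OUTPUT -n -v` and `iptables -L OUTPUT -n -v` show per-rule packet counters, which makes it easy to confirm that the user's traffic hits the REDIRECT and ACCEPT rules and that only stray packets reach the DROP.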

