Hello, what did you mean? Do you mean I need more rules? The proxy has one active interface.

Kind regards

Thomas Elsaesser
_________________________________
Henkel KGaA
HI / CNS
CC-Security
Phone: +49-211-797-6712
Fax: +49-211-798-
E-Mail: [EMAIL PROTECTED]
Internet: http://www.Henkel.com

Denis Vlasenko <[EMAIL PROTECTED].odessa.ua>
20.09.2004 16:36

To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: [squid-users] squid transparent proxy loop problem

On Monday 20 September 2004 17:00, [EMAIL PROTECTED] wrote:
> Transparent proxy
>
> 172.17.248.48 - - [20/Sep/2004:14:51:32 +0200] "GET http://www.google.de:8080/ HTTP/1.1" 504 2415 TCP_MISS:NONE
>
> I have this log entry in my transp. proxy.
>
> I believe it's a loop.

Why do you believe it's a loop? Please show tcpdumps.
Loop will be visible on loopback (tcpdump -nlilo).

> How can I change this??? Does anyone have a solution for me?
> squid listens on port 8080
> _________________________________
>
> iptables v1.2.11
>
> #iptables -t nat -nL
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- 0.0.0.0 0.0.0.0/0 tcp dpt:80 redir ports 8080

Put your squid on port 12345, REDIRECT to 12345 instead of 8080.
However I doubt it's a loop, I think REDIRECT never applies
to locally generated packets.

I keep this comment on top of my firewalling scripts:

### filter This is the default table (if no -t option is passed). It contains
###        the built-in chains INPUT (for packets coming into the box itself),
###        FORWARD (for packets being routed through the box), and OUTPUT (for
###        locally-generated packets).
###
### nat    This table is consulted when a packet that creates a new connection
###        is encountered. It consists of three built-ins: PREROUTING (for
###        altering packets as soon as they come in), OUTPUT (for altering
###        locally-generated packets before routing), and POSTROUTING (for
###        altering packets as they are about to go out).
###
### mangle It had two built-in chains: PREROUTING (for altering incoming
###        packets before routing) and OUTPUT (for altering locally-generated
###        packets before routing). Recently three other built-in
###        chains are added: INPUT (for packets coming into the box
###        itself), FORWARD (for altering packets being routed through the
###        box), and POSTROUTING (for altering packets as they are about to go
###        out).
###
### ...iface...                                   ...iface...
###      |                                             ^
###      v                                             |
### -mangle,NAT-               -mangle,filter-   -mangle,NAT--
### |PREROUTING|-->[Routing]-->|FORWARD      |-->|POSTROUTING|
### ------------      |   ^    ---------------   -------------
###                   |   |                            ^
###                   |   +--if NATed------------+     |
###                   v                          |     |
###         -mangle,filter-                -mangle,NAT,filter-
###         |INPUT        |  +->[Routing]->|OUTPUT           |
###         ---------------  |             -------------------
###                |         |
###                v         |
###         ... Local Process...
--
vda
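
An added example, not part of the original thread and not Squid's own code: a triage script for access-log lines in the format quoted above, marking the entries worth checking with tcpdump on loopback. It assumes the proxy port 8080 from the post; the proxy address 192.0.2.10, the hint names and every sample line except the first are constructed.

```python
import re
from urllib.parse import urlsplit

# httpd-style access-log line as quoted in the thread, with Squid's
# result code and hierarchy code appended as RESULT:HIERARCHY.
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) (?P<result>[A-Z_]+):(?P<hier>[A-Z_]+)')

# First line is the entry from the thread; the other two are constructed,
# and 192.0.2.10 is a made-up address standing in for the proxy itself.
SAMPLE = [
    '172.17.248.48 - - [20/Sep/2004:14:51:32 +0200] "GET http://www.google.de:8080/ HTTP/1.1" 504 2415 TCP_MISS:NONE',
    '172.17.248.48 - - [20/Sep/2004:14:52:10 +0200] "GET http://www.example.org/ HTTP/1.1" 200 5120 TCP_MISS:DIRECT',
    '192.0.2.10 - - [20/Sep/2004:14:52:11 +0200] "GET http://www.example.org:8080/ HTTP/1.1" 504 1500 TCP_MISS:NONE',
]

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["port"] = urlsplit(rec["url"]).port or 80   # plain http URLs only
    except ValueError:                                   # non-numeric port
        return None
    rec["status"] = int(rec["status"])
    return rec

def loop_hints(rec, proxy_port, proxy_addrs=()):
    """Reasons this entry deserves a tcpdump check; hints, not proof of a loop."""
    hints = []
    if rec["port"] == proxy_port:
        hints.append("url-port-equals-proxy-port")   # URL names the proxy's listening port
    if rec["client"] in proxy_addrs:
        hints.append("client-is-proxy")              # connection came from the proxy host
    if rec["status"] == 504 and rec["hier"] == "NONE":
        hints.append("504-without-upstream")         # timeout, no upstream recorded
    return hints

def triage(lines, proxy_port, proxy_addrs=()):
    """Return (client, url, hints) for every parsable line with at least one hint."""
    found = []
    for rec in filter(None, map(parse_line, lines)):
        hints = loop_hints(rec, proxy_port, proxy_addrs)
        if hints:
            found.append((rec["client"], rec["url"], hints))
    return found
```
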
