Re: redirecting on a local machine

To:	<netfilter@lists.netfilter.org>
Subject:	Re: redirecting on a local machine
From:	"saspan" <saspan@web.de>
Date:	Fri, 19 Jan 2007 20:48:37 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References:	<008101c73bf9$dc9d99c0$0700a8c0@stormbook> <45B11AF9.8060209@plouf.fr.eu.org>
Sender:	netfilter-bounces@lists.netfilter.org

To:

<netfilter@lists.netfilter.org>

Subject:

Re: redirecting on a local machine

From:

"saspan" <saspan@web.de>

Date:

Fri, 19 Jan 2007 20:48:37 +0100

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

netfilter-list1@securepoint.com

List-archive:

</pipermail/netfilter>

List-help:

<mailto:netfilter-request@lists.netfilter.org?subject=help>

List-id:

General discussion and user questions <netfilter.lists.netfilter.org>

List-post:

<mailto:netfilter@lists.netfilter.org>

List-subscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>

List-unsubscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>

References:

<008101c73bf9$dc9d99c0$0700a8c0@stormbook> <45B11AF9.8060209@plouf.fr.eu.org>

Sender:

netfilter-bounces@lists.netfilter.org

From: "Pascal Hambourg" <pascal.mail@plouf.fr.eu.org>

iptables -t -nat -A OUTPUT -m owner ! --owner-uid squid -p tcp --dport80 -j REDIRECT --to-destination 3128
'--to-destination' is not a valid option for REDIRECT. The only validoption is '--to-ports'.

Sorry, sure, that is what it actually looked like.I pasted the code quickly from my memory.

The rule I used was

iptables -t -nat -A OUTPUT -m owner ! --owner-uid squid -p tcp --dport80 -j REDIRECT --to-ports 3128

doesn't seem to work,


That does not provide much info. Can you elaborate ?


The browser sends http-request, it is redirected to squid
and then network-timeout-error occurs in the browser .

cause a browser would not be expecting a replyfrom a transparent proxy when waiting for replies to its requests.
Huh ?

See:The browser sends http-request to e.g. 99.9.9.9.1:80.

The request is redirected to proxy on 127.0.0.1:3128.
Browser waits for reply from 99.9.9.9:80.
Actually the reply will come from proxy on 127.0.0.1:3128.

Do you see the problem?

Regards

Sascha

<Prev in Thread]	Current Thread	[Next in Thread>
redirecting on a local machine, saspan Re: redirecting on a local machine, Jan Engelhardt Re: redirecting on a local machine, saspan Re: redirecting on a local machine, Pascal Hambourg Re: redirecting on a local machine, saspan <= Re: redirecting on a local machine, Jan Engelhardt Re: redirecting on a local machine, Jan Engelhardt Re: redirecting on a local machine, Pascal Hambourg

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: redirecting on a local machine, Pascal Hambourg
Next by Date:	DMZ problems, Bill Tangren
Previous by Thread:	Re: redirecting on a local machine, Pascal Hambourg
Next by Thread:	Re: redirecting on a local machine, Jan Engelhardt
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: redirecting on a local machine, Pascal Hambourg

Next by Date:

DMZ problems, Bill Tangren

Previous by Thread:

Re: redirecting on a local machine, Pascal Hambourg

Next by Thread:

Re: redirecting on a local machine, Jan Engelhardt

Indexes:

[Date] [Thread] [Top] [All Lists]