From: Metal Gear
To: netfilter@lists.netfilter.org
Subject: Fwd: proxy+port redirection behaviour
Date: Thu, 28 Apr 2005 15:12:15 +0600
Message-ID: <110c7844050428021276a634f4@mail.gmail.com>
In-Reply-To: <110c784405042802112d30e98f@mail.gmail.com>

Hi,

> I (for some unknown reason) was thinking that the firewall that your
> clients used was a Linux box which had a 2nd hardware firewall
> connecting it to the net. As such I did not take into account that the
> host that you would be running this rule on might not already be set up
> to forward traffic.

My clients' gateway is set to the squid proxy and the squid proxy's gateway is set to the firewall. I want to run the rules on my squid box and there are no other rules on it, except the ones that I sent in my previous mail.

> As such, do you have any other firewall rules set up or policies on
> chains set to DROP traffic? Also you will need to make sure that
> /proc/sys/net/ipv4/ip_forward is set to 1 thus configuring your server
> to forward traffic. You will have to forward traffic as traffic is
> coming in to your server and then being redirected / forwarded to
> another server. This could possibly explain the "filtering" that nmap is
> reporting as I'm not sure what type of error will be generated by trying
> to forward and then being DROPed. I expect that the traffic will just
> look like there is something in the way, not a reject or no route to
> host or anything like that.

Yes, no extra DROP rules. My squid box has only one interface so there is any need of enabling forwarding on it?? Anyway, I enabled forwarding but still it does not work.

Thanks
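
The two checks the quoted reply asks for (ip_forward set to 1, and no DROP policy or DROP rule in the packet's path), as an added example that is not part of the original message. The ruleset is constructed sample data, the addresses are documentation ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a host that redirects traffic to another server.

# Return 0 if the ip_forward file contains 1.
# $1: path to the file (default: the live kernel setting).
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Read iptables-save output on stdin; print "table/chain" for each
# built-in chain whose default policy is DROP.
drop_policies() {
    awk '
        /^\*/ { table = substr($1, 2) }   # "*filter" opens a table
        /^:/  { if ($2 == "DROP") print table "/" substr($1, 2) }
    '
}

# Read iptables-save output on stdin; print each rule that jumps to DROP.
drop_rules() {
    awk '
        /^\*/  { table = substr($1, 2) }
        /^-A / { for (i = 1; i < NF; i++)
                     if ($i == "-j" && $(i + 1) == "DROP") print table ": " $0 }
    '
}

# Constructed sample in iptables-save format (not the poster's rules).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.0.2.20/32 -j DROP
COMMIT
EOF
}

# Demo on the sample; on a real host pipe `iptables-save` in instead.
sample_ruleset | drop_policies
sample_ruleset | drop_rules
forwarding_enabled || echo "ip_forward is not 1: redirected packets will not be forwarded"
```

A packet DNATed in PREROUTING to another host traverses the filter FORWARD chain, so a DROP policy there silently discards it even when the nat rule matches.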