Re: [help] modern iptables rule for transproxy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Amos Jeffries <squid3@treenet.co.nz>
Cc: netfilter@vger.kernel.org
Subject: Re: [help] modern iptables rule for transproxy
Date: Fri, 11 Jan 2008 16:30:27 +1300	[thread overview]
Message-ID: <4786E2D3.2040702@treenet.co.nz> (raw)
In-Reply-To: <200801101602.m0AG2iC5022136@betty.it.uc3m.es>

Peter T. Breuer wrote:
> I'd be much obliged if somebody could give me a modern iptables
> equivalent for this ipchains rule
> 
>    ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 8081

My auto-generated FW has this (with suitable replacements):

iptables -t nat -A PREROUTING -i $LOCAL_IFACE -p tcp -s ! $PROXY_BOX 
--dport 80 -j REDIRECT --to-ports 8081

> 
> which is intended to redirect OUTGOING packets with port 80 as
> destination to port 8081 on localhost, where I have tproxy sitting
> waiting to talk to the LAN web proxy and cache.
> 
> The tproxy man page doesn't give anything other than ipfw (freebsd)
> or ipfwadm or ipchains (or ipnat, whatever that is) rules, but then it
> was written in 2000. Perhaps the man page could be updated, with a
> suitable note of thanks, when we know what to put in it!
> 
> Thanks in advance!
> 
> Peter (ptb@cs.bham.ac.uk, ptb@inv.it.uc3m.es)
> 

Amos
-- 
Please use Squid 2.6STABLE17 or 3.0STABLE1.
There are serious security advisories out on all earlier releases.

next prev parent reply	other threads:[~2008-01-11  3:30 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-10 16:02 [help] modern iptables rule for transproxy Peter T. Breuer
2008-01-11  3:30 ` Amos Jeffries [this message]
  -- strict thread matches above, loose matches on Subject: below --
2008-01-12 10:59 Peter T. Breuer
2008-01-12 14:38 ` Gonzalo Arana
2008-01-12 14:58 ` James Lay
2008-01-15 19:33 Peter T. Breuer
2008-01-15 23:55 ` Philip Craig
2008-01-18 18:07 Peter T. Breuer
2008-01-18 18:59 ` Antonio Augusto (Mancha)
2008-01-21  0:48 ` Philip Craig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4786E2D3.2040702@treenet.co.nz \
    --to=squid3@treenet.co.nz \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.