Linux Netfilter discussions
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: On vanilla Fedora 3, can't do a transparent proxy (-j REDIRECT)
Date: Mon, 02 May 2005 16:55:06 -0500
Message-ID: <4276A1BA.9040603@riverviewtech.net>
In-Reply-To: <df31c404050502141865ca509c@mail.gmail.com>

Thank you Ramoni, you beat me to the punch.  The PREROUTING chain is for packets inbound and forwarding through the host (I believe), not packets that are generated on the box and will be going out to the world.  For packets generated on the box and going out to the world the OUTPUT chain is what you want to add your rules to.

IMHO there is nothing wrong with testing from the box that is doing the (trans)proxying itself, you just have to be aware that it will follow different rules than the rest of the network.  The same applies for IPSec VPNs via (Free|Open)SWAN.  I personally always start testing from the firewall itself via pings, but I include the "-I" parameter to tell ping what IP to use thus emulating traffic that will be coming in from the LAN vs just going out via the WAN.  IMHO this is better in the long run to know how to do as you can do some preliminary testing via SSH connections without having to have any access to a client system.  Thus you should know how to do the testing from the firewall itself.



Grant. . . .
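
Added example, not part of the message above or of the thread: a dry-run check that reads iptables-save output and reports which nat chains carry a REDIRECT for a port, so a test from the proxy host can be interpreted correctly. The sample rule set, the interface eth1 and the proxy port 3128 are constructed assumptions.

```shell
#!/bin/sh
# Constructed iptables-save excerpt (not from the thread): REDIRECT exists
# only in PREROUTING, the situation discussed in the message above.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Print the nat-table chains that carry a REDIRECT rule for the given
# destination port, one per line. Reads iptables-save format on stdin.
redirect_chains() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }          # track the current table
        table == "nat" && $1 == "-A" && /-j REDIRECT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i+1) == port) { print $2; break }
        }' | sort -u
}

# Say which traffic origins the rule set covers for the given port.
coverage_report() {
    chains=$(redirect_chains "$1")
    for pair in "PREROUTING:LAN clients forwarded through this host" \
                "OUTPUT:connections generated on this host"; do
        chain=${pair%%:*}; desc=${pair#*:}
        if printf '%s\n' "$chains" | grep -qx "$chain"; then
            echo "$chain: redirect present ($desc)"
        else
            echo "$chain: no redirect ($desc bypass the proxy)"
        fi
    done
}

printf '%s\n' "$SAMPLE" | coverage_report 80
```

On a live host the input would come from `iptables-save -t nat` instead of the sample. If a REDIRECT is added to OUTPUT, the proxy's own upstream requests need to be excluded (for example with the owner match), otherwise they are redirected back into the proxy.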

