* Transparent web proxy
@ 2007-06-12 11:13 Ian Moyce
2007-06-12 11:38 ` Ray Leach
0 siblings, 1 reply; 5+ messages in thread
From: Ian Moyce @ 2007-06-12 11:13 UTC (permalink / raw)
To: netfilter
Hello,
I am trying to set up transparent web proxy server, but from the
examples I have found on the web, I can not make it work.
I am trying:
iptables -A FORWARD -i vnet0 -o tun0 -p tcp -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT
--to 8888
Where tun0 is the VPN port, vnet0 (its actually vnet0:0) is the
network interface.
Squid is listening on localhost:8888
I get an error message when I run these 2 lines:
# iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j
REDIRECT --to 8888
iptables: No chain/target/match by that name
Help!!!
Thanks
Ian Moyce
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Transparent web proxy
2007-06-12 11:13 Transparent web proxy Ian Moyce
@ 2007-06-12 11:38 ` Ray Leach
2007-06-12 11:44 ` Ian Moyce
0 siblings, 1 reply; 5+ messages in thread
From: Ray Leach @ 2007-06-12 11:38 UTC (permalink / raw)
To: netfilter
On Tuesday 12 June 2007 13:13:08 Ian Moyce wrote:
> Hello,
>
> I am trying to set up transparent web proxy server, but from the
> examples I have found on the web, I can not make it work.
>
> I am trying:
>
> iptables -A FORWARD -i vnet0 -o tun0 -p tcp -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT
> --to 8888
>
> Where tun0 is the VPN port, vnet0 (its actually vnet0:0) is the
> network interface.
>
> Squid is listening on localhost:8888
>
> I get an error message when I run these 2 lines:
>
> # iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j
> REDIRECT --to 8888
> iptables: No chain/target/match by that name
>
>
> Help!!!
>
> Thanks
>
> Ian Moyce
Seems like you're missing NAT support in your kernel maybe?
------------------------------------------------------------------------------------------
This e-mail was checked by the e-Sweeper Service.
For more information visit our website, Clearswift Corporation e-Sweeper :
http://www.mimesweeper.com/products/esweeper/
------------------------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Transparent web proxy
2007-06-12 11:38 ` Ray Leach
@ 2007-06-12 11:44 ` Ian Moyce
2007-06-12 13:14 ` Ray Leach
0 siblings, 1 reply; 5+ messages in thread
From: Ian Moyce @ 2007-06-12 11:44 UTC (permalink / raw)
To: Ray Leach, netfilter
On 12 Jun 2007, at 12:38, Ray Leach wrote:
> On Tuesday 12 June 2007 13:13:08 Ian Moyce wrote:
>> Hello,
>>
>> I am trying to set up transparent web proxy server, but from the
>> examples I have found on the web, I can not make it work.
>>
>> I am trying:
>>
>> iptables -A FORWARD -i vnet0 -o tun0 -p tcp -m state --state
>> ESTABLISHED,RELATED -j ACCEPT
>> iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT
>> --to 8888
>>
>> Where tun0 is the VPN port, vnet0 (its actually vnet0:0) is the
>> network interface.
>>
>> Squid is listening on localhost:8888
>>
>> I get an error message when I run these 2 lines:
>>
>> # iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j
>> REDIRECT --to 8888
>> iptables: No chain/target/match by that name
>>
>>
>> Help!!!
>>
>> Thanks
>>
>> Ian Moyce
>
>
> Seems like you're missing NAT support in your kernel maybe?
>
Hi,
NAT seems to be working okay as I am using it as a VPN server...!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Transparent web proxy
2007-06-12 11:44 ` Ian Moyce
@ 2007-06-12 13:14 ` Ray Leach
2007-06-12 13:39 ` Gáspár Lajos
0 siblings, 1 reply; 5+ messages in thread
From: Ray Leach @ 2007-06-12 13:14 UTC (permalink / raw)
To: Ian Moyce; +Cc: netfilter
On Tuesday 12 June 2007 13:44:07 Ian Moyce wrote:
> On 12 Jun 2007, at 12:38, Ray Leach wrote:
> > On Tuesday 12 June 2007 13:13:08 Ian Moyce wrote:
> >> Hello,
> >>
> >> I am trying to set up transparent web proxy server, but from the
> >> examples I have found on the web, I can not make it work.
> >>
> >> I am trying:
> >>
> >> iptables -A FORWARD -i vnet0 -o tun0 -p tcp -m state --state
> >> ESTABLISHED,RELATED -j ACCEPT
> >> iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT
> >> --to 8888
> >>
> >> Where tun0 is the VPN port, vnet0 (its actually vnet0:0) is the
> >> network interface.
> >>
> >> Squid is listening on localhost:8888
> >>
> >> I get an error message when I run these 2 lines:
> >>
> >> # iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j
> >> REDIRECT --to 8888
> >> iptables: No chain/target/match by that name
> >>
> >>
> >> Help!!!
> >>
> >> Thanks
> >>
> >> Ian Moyce
> >
> > Seems like you're missing NAT support in your kernel maybe?
>
> Hi,
>
> NAT seems to be working okay as I am using it as a VPN server...!
Specifically the REDIRECT target needs to be compiled into the kernel or full
nat support.
------------------------------------------------------------------------------------------
This e-mail was checked by the e-Sweeper Service.
For more information visit our website, Clearswift Corporation e-Sweeper :
http://www.mimesweeper.com/products/esweeper/
------------------------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Transparent web proxy
2007-06-12 13:14 ` Ray Leach
@ 2007-06-12 13:39 ` Gáspár Lajos
0 siblings, 0 replies; 5+ messages in thread
From: Gáspár Lajos @ 2007-06-12 13:39 UTC (permalink / raw)
To: Ray Leach; +Cc: netfilter
Ray Leach írta:
> On Tuesday 12 June 2007 13:44:07 Ian Moyce wrote:
>
>> On 12 Jun 2007, at 12:38, Ray Leach wrote:
>>
>>> On Tuesday 12 June 2007 13:13:08 Ian Moyce wrote:
>>>
>>>> Hello,
>>>>
>>>> I am trying to set up transparent web proxy server, but from the
>>>> examples I have found on the web, I can not make it work.
>>>>
>>>> I am trying:
>>>>
>>>> iptables -A FORWARD -i vnet0 -o tun0 -p tcp -m state --state
>>>> ESTABLISHED,RELATED -j ACCEPT
>>>> iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j REDIRECT
>>>> --to 8888
>>>>
Maybe a mistype but: venet0 or vnet0 ???
>>>> Where tun0 is the VPN port, vnet0 (its actually vnet0:0) is the
>>>> network interface.
>>>>
vnet0:0 ??? then you should use vnet0:0 or vnet+ in the rule.
>>>> Squid is listening on localhost:8888
>>>>
>>>> I get an error message when I run these 2 lines:
>>>>
>>>> # iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 80 -j
>>>> REDIRECT --to 8888
>>>> iptables: No chain/target/match by that name
>>>>
>>>>
>>>> Help!!!
>>>>
>>>> Thanks
>>>>
>>>> Ian Moyce
>>>>
>>> Seems like you're missing NAT support in your kernel maybe?
>>>
>> Hi,
>>
>> NAT seems to be working okay as I am using it as a VPN server...!
>>
I do not get it... I think you mix up something...
VPN != NAT
>
> Specifically the REDIRECT target needs to be compiled into the kernel or full
> nat support.
>
Not true... You may have it as a module too.
Check if the NAT module loaded:
lsmod | grep iptable_nat
REDIRECT module:
lsmod | grep ipt_REDIRECT
>
>
> ------------------------------------------------------------------------------------------
> This e-mail was checked by the e-Sweeper Service.
> For more information visit our website, Clearswift Corporation e-Sweeper :
> http://www.mimesweeper.com/products/esweeper/
> ------------------------------------------------------------------------------------------
>
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-06-12 13:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-12 11:13 Transparent web proxy Ian Moyce
2007-06-12 11:38 ` Ray Leach
2007-06-12 11:44 ` Ian Moyce
2007-06-12 13:14 ` Ray Leach
2007-06-12 13:39 ` Gáspár Lajos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox