>Umm. You do have a rule to _not_ do transparent proxying on your _own_
>addresses don't you? If 2.2.x is passing stuff back through that
>rule-chain again for local and outbound connections, it could be messing
>you up. (From what I recall, you're T-proxying FROM anywhere TO
>anywhere, and 'anywhere' could include you)
Hello Dancer,
I tried changing the ipchains rule like you advised. I had this before:
ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128
And tried this, but I still got those annoying "port 80 unreachable messages":
ipchains -A input -p tcp -s 0.0.0.0/0 -d ! 200.231.199.10/32 80 -j REDIRECT
3128
(200.231.199.10 is the Linux/Squid server)
I don't really think it's a problem with the ipchains rule, since it works
with kernel 2.0.36 with no problem (of course, I had to patch the kernel
manually for the ipchains feature).
I posted this message at the linux-net mailing-list, let's see if anyone
knows what this is.
Thanks!
Henrique Pantarotto
Coord. Técnico Operacional
CEPAnet Internet Provider
Web: http://www.cepa.com.br
Tel. suporte: +55 (011) 5506-8477
Sao Paulo - Brasil
Linux Friend
Received on Fri May 14 1999 - 05:21:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:18 MST