Re: [squid-users] squid 3.2.0.18 transparent nat interception

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 30 Aug 2012 00:55:31 +1200

On 29/08/2012 11:20 p.m., Eliezer Croitoru wrote:
> On 8/29/2012 1:15 PM, Pawel Mojski wrote:
>> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
>> ip.of.my.squid:8081 i have strange error.
> it means that every packet that will go to port 80 will be redirected
> to squid ip+port and it means that the packets from squid are the same
> and will be looped.
> you should use "-j REDIRECT" instead of "-j DNAT".
> also I recommend you to be explicit about the interface and ip's that
> will be intercepted by the proxy.
>
> example:
> iptables -t nat -A PREROUTING -i eth1 -s 192.168.1.0/24 ! -d
> 192.168.10.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081
>
> Regards,
> Eliezer
>
>

3.2.1 seems to have a small bug in not detecting such loops early. Older
versions caught them quickly under the same conditions.
This is being tracked in bug 3626.

Amos
Received on Wed Aug 29 2012 - 12:55:42 MDT
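
Added example, not part of the original messages or of Squid: a small Python check that flags port-80 PREROUTING interception rules carrying neither an interface nor a source match, which is the scoping Eliezer's reply recommends. The rule lines, the 192.0.2.10 address, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample input (not from the thread); 192.0.2.10 is a placeholder
# for the Squid host.
SAMPLE_RULES = [
    "iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.0.2.10:8081",
    "iptables -t nat -A PREROUTING -i eth1 -s 192.168.1.0/24 ! -d 192.168.10.1/32 "
    "-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8081",
    "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j ACCEPT",
]

# Short and long spellings of the two scoping matches being checked.
SCOPE_OPTS = {"-i": ("-i", "--in-interface"), "-s": ("-s", "--source", "--src")}

def parse_rule(line):
    """Map each option to (negated, value); '!' negates the option after it."""
    tokens = shlex.split(line)
    opts, negated, i = {}, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negated = True
        elif tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            value = nxt if nxt and nxt != "!" and not nxt.startswith("-") else None
            opts[tok] = (negated, value)
            negated = False
            if value is not None:
                i += 1  # skip the value we just consumed
        i += 1
    return opts

def missing_scope(line):
    """Return scoping options absent from a port-80 interception rule.

    An empty list means the rule is not an interception rule, or is scoped.
    """
    o = parse_rule(line)
    chain = o.get("-A", (False, None))[1]
    target = o.get("-j", (False, None))[1]
    dport = o.get("--dport", o.get("--destination-port", (False, None)))
    if chain != "PREROUTING" or target not in ("DNAT", "REDIRECT"):
        return []
    if dport != (False, "80"):
        return []
    return [k for k, names in SCOPE_OPTS.items() if not any(n in o for n in names)]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        gaps = missing_scope(rule)
        print("UNSCOPED" if gaps else "ok", gaps, rule)
```

A rule reported with both `-i` and `-s` missing matches port-80 traffic from any host on any interface, which is the shape of the rule reported at the top of the thread.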
