Re: [Fwbuilder-discussion] Fwbuilder, NAT, transparent proxy : what's wrong ?
From: Vadim K. <va...@vk...> - 2003-01-23 18:16:05
The rule seems to be correct. The iptables firewall does not make any changes to the packet payload, so the URL your browser tried to access could not have been changed. You can make sure this is so by running tcpdump on the proxy machine with flags "-s1500 -wlog" and then inspecting the packets it collects in the file "log" (use "strings log"). You should see the URL your browser sends to the server via proxy.

It is hard to say why your proxy makes this record in the log; are you sure it is configured properly to run in transparent proxy mode? For example, squid needs to be configured in a certain way: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html

--vk

On Thursday, January 23, 2003, at 06:48 AM, Pierre-Antoine Angelini wrote:

> case 2:
>
> I select "direct internet connection" in mozilla preferences and let my
> firewall through a DNAT rule set the path to ProxyServer
>
> rule is:
>
> --
> [root@erebus root]# iptables -t nat -L -n
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> ntmp000    tcp  --  148.60.10.9          0.0.0.0/0            multiport dports 80,81,8080,8083,443,8000
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain ntmp000 (1 references)
> target     prot opt source               destination
> RETURN     all  --  0.0.0.0/0            148.60.0.0/20
> DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,81,8080,8083,443,8000 to:148.60.8.4:8081
>
> This doesn't work.
>
> Transproxy receives the right URL, but with the wrong port.
>
> Log shows "Request_NoDNS http://www.google.com:8081" <= obviously
> tproxy listening port.
>
> I'm stuck, I don't understand why the firewall sends such requests.
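Added example, not part of the thread and not code from either poster: a small Python model of the quoted nat PREROUTING and ntmp000 chains, applied to a constructed TCP packet carrying the kind of HTTP request a browser sends when set to a direct connection (origin-form request line, hostname without a port in the Host header). The addresses, ports and network come from the iptables listing above; the external server address 203.0.113.10, the sample request bytes and the function names are mine. It shows which packets the chain translates, which it lets through, and that the translation rewrites only the destination address and port while the payload, which is what "strings log" on a tcpdump capture would show, stays byte-for-byte the same.

```python
import ipaddress
from dataclasses import dataclass, replace

# Values taken from the iptables -t nat -L -n listing in the quoted post.
CLIENT = "148.60.10.9"                               # -s match on the jump to ntmp000
LOCAL_NET = ipaddress.ip_network("148.60.0.0/20")    # RETURN: no NAT for local destinations
PROXY_ADDR, PROXY_PORT = "148.60.8.4", 8081          # DNAT target
REDIRECTED_PORTS = {80, 81, 8080, 8083, 443, 8000}   # multiport dports

# Constructed sample payload (not from the thread): what a browser configured for
# "direct connection" sends. Note there is no port anywhere in it.
SAMPLE_REQUEST = b"GET / HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: example\r\n\r\n"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


def chain_ntmp000(pkt: Packet) -> Packet:
    """Model of the user-defined chain ntmp000 from the listing."""
    # RETURN all -- 0.0.0.0/0 148.60.0.0/20 : local traffic is left alone
    if ipaddress.ip_address(pkt.dst) in LOCAL_NET:
        return pkt
    # DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports ... to:148.60.8.4:8081
    # Only the L3/L4 destination changes; the payload is carried over untouched.
    if pkt.proto == "tcp" and pkt.dport in REDIRECTED_PORTS:
        return replace(pkt, dst=PROXY_ADDR, dport=PROXY_PORT)
    return pkt


def nat_prerouting(pkt: Packet) -> Packet:
    """Model of the nat PREROUTING chain: jump to ntmp000 for the matching client."""
    if pkt.src == CLIENT and pkt.proto == "tcp" and pkt.dport in REDIRECTED_PORTS:
        return chain_ntmp000(pkt)
    return pkt  # chain policy ACCEPT: no translation


def request_target(payload: bytes) -> tuple[str, str]:
    """Read the request target and Host header out of an HTTP request payload,
    the same information you would pick out of a tcpdump capture with strings."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    _method, target, _version = lines[0].split(b" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode()
    return target.decode(), host


if __name__ == "__main__":
    before = Packet(CLIENT, "203.0.113.10", "tcp", 80, SAMPLE_REQUEST)
    after = nat_prerouting(before)
    print(f"dst {before.dst}:{before.dport} -> {after.dst}:{after.dport}")
    print("payload unchanged:", after.payload == before.payload)
    print("target, host seen by proxy:", request_target(after.payload))
```

Under this model the only place the number 8081 exists after translation is the destination port of the packet; the request line and Host header that reach the proxy still name www.google.com with no port at all, which is the check Vadim's tcpdump suggestion performs on the real wire.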