At 12:50 PM 10/11/98 +0800, Walter Klomp wrote:
>However after I upgraded my RH5.1 to 2.1.125 now my transparent proxy
>doesn't work anymore. No matter what I try to enable in the kernel, ipfwadm
>doesn't work anymore. Says this:
with linux kernels > 2.1.101, you'll have to use "ipchains" instead of
"ipfwadm" (ipfwadm having been deprecated).
follow the documentation at
http://www.adelaide.net.au/~rustcorp/linux/ipchains/ for packages to
get/install, then use layer-4 redirection rules as follows:
# flush rules
/sbin/ipchains -F
# set default policies on input/output/forward
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY
# accept all traffic on loopback interface
/sbin/ipchains -A input -i lo
# accept my own IP addr to prevent loops
# (repeat for each i/face)
/sbin/ipchains -A input -p tcp -d YOURIP 3128 -j ACCEPT
# transparent redirection
# forward any traffic destined for port 80 to squid on port 3128
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
cheers,
lincoln.
-- lincoln dale e: (wk) ltd@telstra.net (hm) ltd@interlink.com.au "After Layer 3, it's only really a matter of how deep into a packet you look, and how the information is used. Soon we may be hearing of new devices that take advantage of the two new OSI layers: 8 (politics) and 9 (religion)" -- Metz @ Strategic Net ConsultingReceived on Sat Oct 10 1998 - 22:45:12 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:24 MST