iptables question (was Re: Squid question)

Tim Wunder tim
Mon May 17 11:57:16 PDT 2004 

On Tuesday 23 December 2003 8:06 pm, someone claiming to be David A. Bandel 
wrote:
> On Tue, 23 Dec 2003 17:16:41 -0500
>
> Tim Wunder <tim at thewunders.org> wrote:
<snip>
> > So, I continued reading. Eventually, I came upon a page
> > (http://groups.yahoo.com/group/jetty-support/message/3076) that said,
> > "I spent many happy hours wondering why my test browser (on the same
> > box as the server) could not see the redirected jetty service on port
> > 80.
>
> Not true.  See why below.
>
> > When you redirect ports using iptables, the port redirection works
> > only on inbound traffic from *other* hosts."
>
> *IF* you've stipulated eth0 or eth1, etc. as the inbound interface!
>
> > Now that comment was in reference to something called "jetty" and not
> > squid, but is what it says true? Can I not redirect port 80 to 3128
> > using iptables on the server on which squid is running?
> >
> > It appears that I'm failing to grasp something :-(
>
> Yes, you're failing to grasp _where_ the request is originating from.
> Requests from the same system always originate from 127.0.0.1 (lo).  NOT
> from eth0 or eth1. To see this in action, try running tcpdump on lo.
> Traffic is only seen as originating from eth0 _after_ it *leaves* the
> system and only by other systems.
>
> Understanding how things work.
>

OK, I ran 'tcpdump lo', then started up Firebird, which was configured to use 
the proxy, and I rec'd gobs of activity. When I switched off the proxy, I no 
longer saw the activity. I *did* see activity on eth0, though.

What else am I missing? Should I do something about my route?
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0

192.168.1.254 is my linksys cable router.

Thanks, 
Tim




-- 
Fedora Core 1, Kernel 2.4.22-1.2129.nptl,  KDE 3.1.4, Xfree86 4.3.0
 20:20:01  up 14 days, 23:09,  0 users,  load average: 0.00, 0.04, 0.12
It's what you learn after you know it all that counts

More information about the Linux-users mailing list