ipmasqadm problems in RH7
atray
03-28-2001, 08:11 PM
My ipmasqadm portfw table looks like this:
prot  localaddr               lport  remoteaddr              rport  pcnt  pref
TCP   mail.slcc4ministry.edu  www    mail.slcc4ministry.edu  3095   100   100
I have a squid proxy server running on 3095 and want to redirect all traffic coming in on port 80 (http port) through it.
To do this I used this command:
ipmasqadm portfw -a -P tcp -L 172.31.0.100 80 -R 172.31.0.100 3095 -p 100
What is wrong?
TIA
Adam
ndelo
03-29-2001, 12:53 AM
Unfortunately portfw doesn't work with local redirection. I have a similar setup and redirect web traffic using the REDIRECT ipchains rule on my internal NIC. The problem with port forwarding is that it only forwards packets that are forwarded, meaning that they go from one NIC to the other and then out into internet land. Since your packets are destined for the box itself, portfw never sees them. You'll need to capture HTTP traffic with ipchains to pass it to the proxy. My rules look something like this:
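# The shell variables are placeholders: internal interface, LAN address range, unprivileged source ports, internal address
ipchains -A input -i $internal_nic -p tcp \
    -s $lan_ip_range $unprivports \
    -d $internal_ip_address 80 -j REDIRECT 3095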
I'm pretty sure that's them. I'll double check my firewall script tomorrow and edit this post if I'm wrong.
Also, you might need to have support for transparent proxying compiled into the kernel. I'm not 100% positive that this is necessary with squid, but I know it's needed with some other, less-capable programs like tproxy.
[ 29 March 2001: Message edited by: ndelo ]
atray
03-31-2001, 05:25 PM
Here is my ipchains table at the current time; it is still not working:
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ---f-- anywhere anywhere n/a
acctin all ------ anywhere anywhere n/a
acctboth all ------ anywhere anywhere n/a
inp all ------ anywhere anywhere n/a
REDIRECT tcp ------ anywhere mail.slcc4ministry.edu any -> www => 3095
REDIRECT tcp ------ anywhere mail.slcc4ministry.edu www -> 0 => 3095
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ anywhere anywhere n/a
ACCEPT all ---f-- anywhere anywhere n/a
fwd all ------ anywhere anywhere n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ---f-- anywhere anywhere n/a
acctout all ------ anywhere anywhere n/a
acctboth all ------ anywhere anywhere n/a
out all ------ anywhere anywhere n/a
Chain acctin (1 references):
Chain acctout (1 references):
Chain acctboth (2 references):
Chain inp (1 references):
Chain out (1 references):
Chain fwd (1 references):
Chain IpFwAdM! (0 references):
target prot opt source destination ports
- all ------ anywhere anywhere n/a
- all ------ anywhere anywhere n/a
[ 31 March 2001: Message edited by: atray ]
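An added example, not part of the original thread: a small Python check that parses the REDIRECT rules out of an excerpt of the listing above and reports which ports each rule actually matches. It assumes the `ports` column reads `source-port -> destination-port => redirect-port`; the function names are hypothetical.

```python
import re

# Excerpt of the listing posted above, with the wrapped REDIRECT lines rejoined.
LISTING = """\
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT all ---f-- anywhere anywhere n/a
acctin all ------ anywhere anywhere n/a
REDIRECT tcp ------ anywhere mail.slcc4ministry.edu any -> www => 3095
REDIRECT tcp ------ anywhere mail.slcc4ministry.edu www -> 0 => 3095
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ anywhere anywhere n/a
"""

# Assumed column layout: target prot opt source destination sport -> dport => rport
RULE = re.compile(
    r"^REDIRECT\s+(?P<prot>\S+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\S+)\s*->\s*(?P<dport>\S+)\s*=>\s*(?P<rport>\d+)$"
)
HTTP = {"www", "http", "80"}

def redirect_rules(listing, chain="input"):
    """Return the REDIRECT rules found in one chain of an `ipchains -L` listing."""
    rules, current = [], None
    for line in listing.splitlines():
        header = re.match(r"^Chain (\S+) \(", line)
        if header:
            current = header.group(1)
            continue
        m = RULE.match(line.strip())
        if m and current == chain:
            rules.append(m.groupdict())
    return rules

def audit(rules, proxy_port):
    """Label each rule: does it catch traffic to the HTTP port and hand it to the proxy?"""
    findings = []
    for r in rules:
        if r["dport"] in HTTP and int(r["rport"]) == proxy_port:
            findings.append("ok: dport %s => %s" % (r["dport"], r["rport"]))
        elif r["sport"] in HTTP:
            findings.append("check: matches source port %s, dport %s" % (r["sport"], r["dport"]))
        else:
            findings.append("check: dport %s => %s" % (r["dport"], r["rport"]))
    return findings

if __name__ == "__main__":
    for finding in audit(redirect_rules(LISTING), proxy_port=3095):
        print(finding)
```

Under that column assumption, the second rule matches on source port www rather than destination port www, so only the first rule catches inbound web requests.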