Hello nate, 'Coz ipchains always displays that message, so I've commented the REDIRECT rule. So for my objective, the important parts are the ipchains, ipmasqadm portfw and route table, right? For my case, do I need any settings like CONFIG_IP_TRANSPARENT_PROXY=y? And will ipchains' MASQ rule affect this? I got something like the following in my rules: ipchains -A forward -s $INTERNAL_NET -j MASQ ipchains -A forward -i $INTERNAL_INTERFACE -j MASQ If it works, what would I see in the syslog for ipchains? Would I see something like the followings? external_interface PCAClientExternalIP (unprivportA) -> FWExternalIP (5632) internal_interface PCAClientExternalIP (unprivportA) -> PCAHostInternalIP (5632) Thanks.
Regards, Simon. nate wrote: > Simon Tneoh Chee-Boon said: > > Hello nate, > > When I try to some REDIRECT in ipchains, I got the following message: > > ipchains: No target by that name (Maybe this kernel doesn't support > > transparent proxying?) > > Could this cause the problem? > > I'm using Linux wira 2.2.20 #1 Sat Apr 20 11:45:28 EST 2002 i686 unknown. > > I've executed tcpdump, no connection to the internal IP for the > > internal > > interface. > > redirect only works for redirecting to a local service. > > e.g. > > server A has a service on port 500 > server A has REDIRECT(transparent proxy) which points port 5000->500 > connections from remote systems to port 5000 will end up on port 500 > connections from the local system(Server A) to port 5000 will fail. > > it will NOT work in combonation with port forwarding in redirecting > traffic to another host. > > this could be a problem yes if you have a redirect statement on the > same port as your port forwarding. to use transparent proxy you need: > CONFIG_IP_TRANSPARENT_PROXY=y > > in your kernel config(debian kernels store their config in > /boot/config-`uname -r`) > > nate > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Simon Tneoh Chee-Boon [EMAIL PROTECTED] Senior Technologist MyBiz International Limited Tel: (60)3-2713-8181 Fax: (60)3-2713-8811 Personal: http://www.tneoh.zoneit.com/simon/ Company: http://www.mybiz.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]