
Re: Iptables configuration for a transparent proxy for a single user



Removing '-t nat' from the last rule should do what you need. Only the
first two really need to be in the NAT table (because they are
modifying the traffic, not filtering it).

  - John Brooks

On Wed, May 13, 2009 at 11:15 PM, leandro noferini
<lnoferin@xxxxxxxxxxxxxxx> wrote:
> Hello everyone,
>
> in tor wiki at the address
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy#head-235f10e71909d609c46847c9f91efe8ed5168004
>
> explains the way to apply a transparent proxy for a specific user.
>
> The rules for iptables are
>
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
>
> In my debian unstable linux (kernel 2.6.29 and iptables 1.4.3.2-2 from
> package) these rules don't work anymore and this is the message from
> iptables
>
> The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
>
> Does anyone know the changes needed to make it work again?
>
>
> --
> Bye
> leandro
> I don't want to know everything, I want to understand everything
>
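
The change suggested in the reply, as an added example that is not part of the original messages: a small shell filter that takes iptables commands on stdin and moves any `DROP` rule out of the `nat` table into the default `filter` table. The function names are hypothetical, and the sample input is the three rules quoted in the thread.

```shell
#!/bin/sh
# Added example. Nothing here calls iptables; it only rewrites rule text.

# Sample input: the three rules quoted in the thread.
wiki_rules() {
cat <<'EOF'
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
EOF
}

# Read rules on stdin. A rule that names the nat table and jumps to DROP
# loses its '-t nat', so it lands in the default table (filter).
# REDIRECT rules rewrite packets and must stay in nat, so they pass through.
move_drop_to_filter() {
    while IFS= read -r rule; do
        case "$rule" in
            *" -t nat "*" -j DROP"*)
                printf '%s\n' "$rule" | sed 's/ -t nat / /'
                ;;
            *)
                printf '%s\n' "$rule"
                ;;
        esac
    done
}

# Count rules on stdin that still try to DROP inside the nat table.
# grep -c exits non-zero when the count is 0, hence the '|| true'.
count_nat_drop() {
    grep -c -e '-t nat .*-j DROP' || true
}

# Why this matters: each iptables command is applied on its own. If the
# DROP rule is rejected, only the two REDIRECT rules are loaded, and the
# user's traffic that neither of them matches (for example UDP other
# than DNS) is no longer blocked.

# Print the corrected ruleset for review.
wiki_rules | move_drop_to_filter
```

After loading the printed rules as root, `iptables -S OUTPUT` should list the `DROP` rule and `iptables -t nat -S OUTPUT` the two `REDIRECT` rules.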