iptables related problem
I have a Linux box working as a router between an ADSL modem and a LAN,
and everything works well. When I want to block any client, I drop his MAC or IP in the PREROUTING chain in nat or in the FORWARD chain in filter, usually in the FORWARD chain. But I want to let him know why I blocked him, so I redirect only his IP address to the squid port by adding a redirect rule in the PREROUTING chain in the nat table (and with squidGuard I generate a specific message that will appear to this client to let him know the reasons for being blocked), and until now everything worked well. But when I drop the clients' IPs via the FORWARD chain, the clients' requests are not redirected to squid, though the PREROUTING chain in the nat table is passed by the packet before the FORWARD chain in the filter table (as I know). Why?
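As an added illustration (not code from this thread), here is a small Python model of the traversal order the question relies on: nat PREROUTING runs before the routing decision, and a REDIRECT target rewrites the destination to the router's own address, so the rewritten packet is delivered locally through filter INPUT and never enters filter FORWARD; only the client's traffic that is not redirected (here a DNS query) still traverses FORWARD and meets the DROP rule. The addresses, ports and the two rules are constructed assumptions that mirror the setup described in the post.

```python
from dataclasses import dataclass, replace

# Constructed values for the scenario in the post (assumptions, not from the thread):
# router LAN address, the blocked client, another client, and squid's listening port.
ROUTER_LAN_IP = "192.168.1.1"
BLOCKED_CLIENT = "192.168.1.50"
OTHER_CLIENT = "192.168.1.51"
SQUID_PORT = 3128


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


# A chain is an ordered list of (match, (target, argument)); first match wins, as in iptables.
def match_blocked_http(p):
    return p.src == BLOCKED_CLIENT and p.proto == "tcp" and p.dport == 80


def match_blocked_any(p):
    return p.src == BLOCKED_CLIENT


# iptables -t nat -A PREROUTING -s <client> -p tcp --dport 80 -j REDIRECT --to-ports 3128
NAT_PREROUTING = [(match_blocked_http, ("REDIRECT", SQUID_PORT))]
# iptables -A FORWARD -s <client> -j DROP
FILTER_FORWARD = [(match_blocked_any, ("DROP", None))]
# INPUT has no rules in this model; its policy is ACCEPT.
FILTER_INPUT = []


def run_nat_prerouting(p, chain=NAT_PREROUTING):
    """REDIRECT rewrites the destination to the address of the interface the packet
    arrived on (the router itself) and to the given port; other packets pass unchanged."""
    for match, (target, arg) in chain:
        if match(p):
            if target == "REDIRECT":
                return replace(p, dst=ROUTER_LAN_IP, dport=arg)
            return p
    return p


def run_filter(p, chain, policy="ACCEPT"):
    """Return the verdict of the first matching rule, or the chain policy."""
    for match, (target, _) in chain:
        if match(p):
            return target
    return policy


def traverse(p):
    """Path of a packet arriving from the LAN:
    nat PREROUTING -> routing decision -> filter INPUT (local) or filter FORWARD.
    Returns (verdict, list of chains visited, packet as it left PREROUTING)."""
    path = ["nat:PREROUTING"]
    p = run_nat_prerouting(p)
    if p.dst == ROUTER_LAN_IP:          # routing decision: addressed to us -> local delivery
        path.append("filter:INPUT")
        verdict = run_filter(p, FILTER_INPUT)
    else:                               # addressed elsewhere -> forwarded
        path.append("filter:FORWARD")
        verdict = run_filter(p, FILTER_FORWARD)
    return verdict, path, p


if __name__ == "__main__":
    samples = [
        Packet(BLOCKED_CLIENT, "203.0.113.10", "tcp", 80),   # HTTP from blocked client
        Packet(BLOCKED_CLIENT, "203.0.113.53", "udp", 53),   # DNS from blocked client
        Packet(OTHER_CLIENT, "203.0.113.10", "tcp", 80),     # HTTP from another client
    ]
    for pkt in samples:
        verdict, path, out = traverse(pkt)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}: "
              f"{' -> '.join(path)} => {verdict} (dst now {out.dst}:{out.dport})")
```

The model makes the point of the question concrete: the HTTP request is rewritten in nat PREROUTING and handled locally by squid, so a DROP in FORWARD cannot touch it, while everything else from that client (DNS included) is still dropped in FORWARD.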
Well, first, the nat table (either PREROUTING, FORWARD or POSTROUTING) shouldn't be used to DROP packets. That's what the filter table is for (INPUT, FORWARD or OUTPUT).
Then.... I think we should take a look at your rules. Why won't you show us the output of:

iptables -L -nv
iptables -t nat -L -nv
I doubt it's necessary here, but if you want the full picture of the state of your FW, you need something like:
Code:
# loop body inferred from the commands suggested above
for T in filter nat mangle raw; do iptables -t "$T" -L -nv; done