LinuxQuestions.org
Linux - Networking: iptables related problem
(https://www.linuxquestions.org/questions/linux-networking-3/iptables-related-problem-729986/)

Barq 06-01-2009 07:01 PM

iptables related problem
 
I have a Linux box working as a router between an ADSL modem and the LAN, and everything works well.
When I want to block a client, I drop his MAC or IP in the PREROUTING chain of the nat table or in the FORWARD chain of the filter table, usually the FORWARD chain.
But I want to let him know why I blocked him, so I redirect only traffic from his IP address to the squid port by adding a REDIRECT rule in the PREROUTING chain of the nat table (and with squidGuard I generate a specific message that appears to this client to let him know the reasons he was blocked), and up to this point everything works well.
But when I drop the client's IP in the FORWARD chain, the client's requests are not redirected to squid, even though the packet passes the PREROUTING chain of the nat table before the FORWARD chain of the filter table (as far as I know). Why?
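
As an added illustration of the packet path under discussion (example configuration written for this thread, not rules posted by anyone here), the following iptables-restore file redirects one LAN client's HTTP to a squid running on the router and drops the rest of that client's traffic in the filter table. The LAN interface eth1, the WAN interface ppp0, the client address 192.0.2.10 and the squid port 3128 are assumptions; the INPUT chain is kept to the minimum needed to show the point and would need whatever else the router serves to the LAN.

```iptables
# Added example, not from the thread. Assumed: LAN on eth1, WAN on ppp0,
# blocked client 192.0.2.10, squid listening on the router on TCP 3128.
# Load with: iptables-restore < this-file
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# nat PREROUTING runs before the routing decision, and only for the
# first packet of each connection; conntrack reuses the result for the
# rest of the flow. REDIRECT rewrites the destination to the router
# itself, so a redirected connection is routed to INPUT, not FORWARD.
-A PREROUTING -i eth1 -s 192.0.2.10 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Ordinary LAN traffic leaves masqueraded behind the ADSL link.
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The redirected requests arrive here as traffic for the router's own
# port 3128. A rule in FORWARD never sees them, so INPUT must accept them.
-A INPUT -i eth1 -s 192.0.2.10 -p tcp --dport 3128 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Everything else from the blocked client that would be forwarded
# (non-HTTP, or anything the REDIRECT rule did not match) is dropped
# here, in the filter table, not in nat.
-A FORWARD -i eth1 -s 192.0.2.10 -j DROP
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
```

Two checks are worth making when a redirect like this appears not to fire. First, the packet counters from `iptables -t nat -L -nv` show whether the REDIRECT rule is matching at all; because nat PREROUTING is consulted only for the first packet of a connection, flows that conntrack already knew about before the rule was added keep the path they started with until they time out or are deleted (for example `conntrack -D -s 192.0.2.10` from conntrack-tools). Second, once a packet has been redirected it is delivered locally, so the chain that accepts or drops it is INPUT; a DROP placed in FORWARD affects only the client's traffic that was not redirected.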

eantoranz 06-02-2009 12:16 PM

Well, first, the nat table (either PREROUTING, FORWARD or POSTROUTING) shouldn't be used to DROP packets. That's what the filter table is for (INPUT, FORWARD or OUTPUT).

Then.... I think we should take a look at your rules.

Why won't you show us the output of:

iptables -L -nv
iptables -t nat -L -nv

archtoad6 06-21-2009 05:16 AM

I doubt it's necessary here, but if you want the full picture of the state of your FW, you need something like:

Code:

for T in filter nat mangle raw
do
  echo -e "============\n$T\n------"
  iptables -L -nv -t $T
done  | less

Also, please consider posting the output to a permanent pastebin, rather than cluttering your post w/ it.
