On Friday 21 July 2006 15:31, William Bohannan wrote:
> Hi I have been using Shorewall for a while now and find it very useful and
> easy to configure, I am learning iptables and having trouble getting the
> bridge to successfully work with squid, although I get it working with
> Shorewall straight away? Does anyone know the rules to successfully use
> squid with a transparent bridge?
>
> Internet – router - (bridge eth0 – eth1) – local lan
>
> auto lo
> iface lo inet loopback
>
> auto br0
> iface br0 inet static
> address 192.168.0.253
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
> gateway 192.168.0.254
> pre-up /sbin/ip link set eth0 up
> pre-up /sbin/ip link set eth1 up
> pre-up /usr/sbin/brctl addbr br0
> pre-up /usr/sbin/brctl addif br0 eth0
> pre-up /usr/sbin/brctl addif br0 eth1
>
> iptables -A INPUT -i br0 -p tcp -d 192.168.0.253 -s 192.168.0.0 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> echo 1 > /proc/sys/net/ipv4/ip_forward

You are at Link layer in the bridge, packets don't travel up to Network layer, so iptables does not even see these packets.
Either you can use ebtables[1] or see 'physdev' in iptables man page.

[1] http://ebtables.sourceforge.net/

--
Luciano
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
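
The ebtables route suggested in the reply, written out as an added example (not part of the thread and not code from either poster): an ebtables `broute` rule hands port-80 frames to the local IP stack, after which the poster's iptables REDIRECT can match them. Assumptions: `eth1` is the LAN-facing bridge port, the `squid_bridge_rules` helper and the `APPLY` switch are names made up here, and the kernel provides the ebtables `broute` table.

```shell
#!/bin/sh
# Added example: two-layer rule set for a transparent Squid on a bridge.
# Rules are only printed unless APPLY=1 is set, so a dry run needs no root.

valid_port() {  # succeed only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_if() {    # reject empty names and anything with shell metacharacters
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# squid_bridge_rules BRIDGE LAN_PORT_IF HTTP_PORT PROXY_PORT
squid_bridge_rules() {
    br=$1 lan=$2 http=$3 proxy=$4
    valid_if "$br" && valid_if "$lan" || { echo "bad interface" >&2; return 2; }
    valid_port "$http" && valid_port "$proxy" || { echo "bad port" >&2; return 2; }

    # Link layer: frames entering the LAN-side port with TCP (protocol 6)
    # destination port $http get their destination MAC rewritten so the
    # bridge delivers them to the local stack instead of forwarding them.
    echo "ebtables -t broute -A BROUTING -i $lan -p IPv4 --ip-protocol 6 --ip-destination-port $http -j redirect --redirect-target ACCEPT"

    # Network layer: the packet now arrives on the bridge device, so the
    # REDIRECT from the original post can send it to Squid's port.
    echo "iptables -t nat -A PREROUTING -i $br -p tcp --dport $http -j REDIRECT --to-port $proxy"

    # After REDIRECT the INPUT chain sees the proxy port, so allow it there.
    echo "iptables -A INPUT -i $br -p tcp --dport $proxy -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# br0, 80 and 3128 come from the original post; eth1 as LAN side is assumed.
if [ "${APPLY:-0}" = 1 ]; then
    squid_bridge_rules br0 eth1 80 3128 | sh   # needs root, ebtables, iptables
else
    squid_bridge_rules br0 eth1 80 3128        # dry run: print the rules
fi
```

Restricting the `broute` rule to the LAN-side port keeps traffic arriving from the router side from being intercepted by the proxy.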