Luciano Ruete wrote:

> El Friday 21 July 2006 15:31, William Bohannan escribió:
>> Hi, I have been using Shorewall for a while now and find it very useful and
>> easy to configure. I am learning iptables and having trouble getting the
>> bridge to successfully work with squid, although I get it working with
>> Shorewall straight away. Does anyone know the rules to successfully use
>> squid with a transparent bridge?
>>
>> Internet – router - (bridge eth0 – eth1) – local lan
>>
>> auto lo
>> iface lo inet loopback
>>
>> auto br0
>> iface br0 inet static
>>     address 192.168.0.253
>>     netmask 255.255.255.0
>>     network 192.168.0.0
>>     broadcast 192.168.0.255
>>     gateway 192.168.0.254
>>     pre-up /sbin/ip link set eth0 up
>>     pre-up /sbin/ip link set eth1 up
>>     pre-up /usr/sbin/brctl addbr br0
>>     pre-up /usr/sbin/brctl addif br0 eth0
>>     pre-up /usr/sbin/brctl addif br0 eth1
>>
>> iptables -A INPUT -i br0 -p tcp -d 192.168.0.253 -s 192.168.0.0/24 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
>> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> You are at the link layer in the bridge; packets don't travel up to the network layer,
> so iptables does not even see these packets.
> You can either use ebtables[1] or see 'physdev' in the iptables man page.
>
> [1] http://ebtables.sourceforge.net/

Also, I need to point this out: be very careful not to include the squid machine in the ebtables redirect, as that could end up in an endless loop.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
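As an added example (not code posted in this thread), here is the 'physdev' approach from the reply applied to the poster's topology, together with the exclusion the last reply recommends so the proxy's own fetches are never redirected back into it. It assumes eth1 is the LAN-facing bridge port (from the diagram, eth0 faces the router), that squid listens on 192.168.0.253:3128 on the bridge host, and that the kernel has bridge-netfilter so iptables sees bridged frames at all. The `show` mode prints the rules instead of loading them; the `IPT`/`SYSCTL` variables and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: transparent squid on a Linux bridge
# using iptables' physdev match.
# Assumptions: eth1 is the LAN-side port of br0, squid runs on the bridge
# host itself (192.168.0.253:3128), bridge-netfilter is available.
# Usage: "sh bridge-squid.sh show" prints the rules; "sh bridge-squid.sh apply"
# loads them (needs root).

BR=br0
LAN_IF=eth1                 # assumption: bridge port facing the local LAN
LAN_NET=192.168.0.0/24
SQUID_IP=192.168.0.253
SQUID_PORT=3128
IPT=${IPT:-iptables}        # set to "echo iptables" for a dry run
SYSCTL=${SYSCTL:-sysctl}

apply_rules() {
    # iptables only sees frames that cross the bridge when this knob is on
    # (br_netfilter on newer kernels); without it the rules below never match.
    $SYSCTL -w net.bridge.bridge-nf-call-iptables=1

    # Redirect port-80 requests that ENTER on the LAN-side port to squid.
    # "! -s $SQUID_IP" keeps the proxy's own outbound fetches out of the
    # redirect: a proxy whose traffic re-enters the bridge would otherwise
    # be looped back into itself, which is the endless loop the reply warns about.
    $IPT -t nat -A PREROUTING -i "$BR" -m physdev --physdev-in "$LAN_IF" \
        ! -s "$SQUID_IP" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"

    # Let LAN clients reach the proxy port on the bridge host; nothing else
    # on the bridge is opened by this script.
    $IPT -A INPUT -i "$BR" -m physdev --physdev-in "$LAN_IF" \
        -s "$LAN_NET" -d "$SQUID_IP" -p tcp --dport "$SQUID_PORT" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
}

# Dry run in a subshell so the overrides do not leak into the caller.
dry_run() (
    IPT="echo iptables"
    SYSCTL="echo sysctl"
    apply_rules
)

# Number of REDIRECT rules the script would install; more than one means
# the rules were appended twice.
count_redirects() {
    dry_run | grep -c 'REDIRECT'
}

case "${1:-}" in
    show)  dry_run ;;
    apply) apply_rules ;;
esac
```

Bridged traffic that enters on eth0 (from the router) is not matched by `--physdev-in eth1`, so only requests from the LAN side are diverted; the `ip_forward` sysctl from the original post is not needed for a bridge and is left out.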