RE: linux transparent bridge running squid and dansguardian

Linux Advanced Routing and Traffic Control


Thanks for the quick reply.  Although I have had no success, I have been
trying all day using both physdev and ebtables, neither of which I can get
working :( Please help - below is what I am currently using.


***********************************************************************
#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside.
#iptables -A FORWARD -i eth0 -o eth0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# This line tells ebtables to route (accept) the packages // going to port
# 80, instead of bridging them:
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT

# This line tells ebtables to route (accept) the packages // going to port
# 80, instead of bridging them:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

# This line is from www.linux.com transparent proxy which allows port 8080
# from the local network
#iptables -A INPUT -i eth1 -p tcp -d 192.168.0.253 -s 192.168.0.0 --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT

**********************************************************************


Please help - if I use Shorewall it works first go?

Internet - (eth0 - eth1) - local lan


Kind regards

William

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
