Re: filter policy drop and allow transparent proxy

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



William Bohannan wrote:
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great?  It seems a
bit strange as from reading several articles on it I thought the
following occurs. 1st line - if it doest match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line - redirects the port 80 to 8080 and then goes to the local
process (squid) through the input filter
4th line - input filter accepts the traffic over riding the global
reject policy.
iptables -P INPUT DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6
--ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT
--to-port 8080
iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1
--physdev-out eth0 -j ACCEPT

Any help would be most welcome.

Kind Regards
William

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

The 4th line should look for packets on dport 8080 instead of 80
-Jasbir
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux