Re: filter policy drop and allow transparent proxy

Linux Advanced Routing and Traffic Control

William Bohannan wrote:
Thanks for the quick response Jasbir.  Tried doing as you said with no
luck, changed dport to port 8080 on the 4th line (see below).  Same as
before if you remove line 1 the transparent proxy works.


iptables -P INPUT DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT

Kind Regards

William

Need to do some debugging.
Set default INPUT policy to ACCEPT and add various rules in the INPUT chain (without any target action) to verify which rules are matching.

For example:

iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
iptables -A INPUT -p tcp --dport 8080 -i br0

Then check out the output of:

iptables -nvL INPUT

HTH
Jasbir
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
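
Added example (not part of the original thread or either poster's commands): a small shell helper that reads `iptables -nvL INPUT` output and reports which of the counter-only probe rules suggested above saw packets. The function name `report_matches`, the sample counters and the `lo` ACCEPT rule are constructed for illustration; a rule added without `-j` has an empty target column, which the parser has to account for.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL INPUT` output (not from the poster's bridge).
# Rules 1-3 are the counter-only probes from the reply; rule 4 is a constructed
# rule with a target, included to show both column layouts.
SAMPLE='Chain INPUT (policy ACCEPT 1523 packets, 187K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth1 --physdev-out eth0
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth0 --physdev-out eth1
  412 24720            tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
   37  2220 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0'

# report_matches: read `iptables -nvL <chain>` text on stdin and print one
# line per rule: rule number, HIT or MISS, packet counter, target, input
# interface and the match text that follows the destination column.
report_matches() {
    awk '
        NR <= 2 || NF == 0 { next }   # skip chain header, column titles, blanks
        {
            n++
            # A rule without a target leaves the target column blank, so the
            # "opt" column sits in field 4 instead of field 5.
            off = ($4 == "--" || $4 == "-f" || $4 == "!f") ? 0 : 1
            target = off ? $3 : "(none)"
            m = ""
            for (i = 9 + off; i <= NF; i++)
                m = m (m == "" ? "" : " ") $i
            # Counters may be abbreviated (12K, 3M); only a literal 0 is a miss.
            state = ($1 == "0") ? "MISS" : "HIT"
            line = sprintf("rule %d %s pkts=%s target=%s in=%s", n, state, $1, target, $(5 + off))
            if (m != "") line = line " " m
            print line
        }'
}

# On a live system: iptables -nvL INPUT | report_matches
printf '%s\n' "$SAMPLE" | report_matches
```

Running `iptables -Z INPUT` before generating test traffic zeroes the counters so each HIT reflects only the new connection attempt.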
