[Bridge] transparent bridge and proxies

In that situation, I put a third nic on the box and gave it a real IP 
address for management purposes (such as running yum).  I'm not exactly 
sure yum updates to the bridge itself will work without an IP address.

I think in the proxy situation, you might need to set up a prerouting 
iptables rule that redirects the traffic to the squid port or something 
similar?


Julian Lyndon-Smith wrote:
> Thanks Melissa for responding
>
> I was trying to play with physdev.
>
> Ignoring all the inbound stuff, if I was on the console of this 
> machine (Mybox)
>                     MyBox
>                +-----br0----+
>                |            |
> router<--->eth0+            +eth1<--->Lan
>
> Where br0, eth0 and eth1 had no ip address, and I wanted to "yum 
> update"  (which I presume uses port 80) what rules would I need to put 
> in place ? I was looking for something to do with 127.0.0.1 (the lo 
> interface) and eth0.
>
> If I got that to work, the squid proxy should automatically follow, no ?
>
> Julian
>
> Melissa Meyer wrote:
>>
>> In the 2.6 kernel, there's an iptables module called physdev to match 
>> the bridge's physical in and out devices so something like:
>>
>> iptables -A FORWARD -m physdev -p tcp --dport 25 --physdev-in eth0 -j ACCEPT
>>
>> to allow smtp traffic through.
>>
>>
>> Julian Lyndon-Smith wrote:
>>> I want to be able to install a box that is a transparent bridge, but 
>>> that is also running a transparent proxy, but with a twist ..
>>>
>>> i am a newbie in all things linux, so bear with me :)
>>>
>>> So far I have managed to install centos 4.3, and following various 
>>> guides on the net, created a bridge between eth1 (connected to lan) 
>>> and eth0 (connected to router). That works great.
>>>
>>> I also managed to install squid, get it running transparently and 
>>> added a rule to iptables to make all that work just fine. So now, 
>>> all my clients attached to the lan run through the squid proxy 
>>> without them knowing.
>>>
>>> Now, for the twist. For development and testing, I assigned an ip 
>>> address and gateway to the bridge. I need to be able for a "non-it" 
>>> person to install this box without having to set it up at all , so 
>>> it cannot have an ip address assigned, as it *may* be in use 
>>> somewhere else on the lan or router.
>>>
>>> So, I changed the ip address to 0.0.0.0. Everything except squid 
>>> still worked. I presume that's because it does not know how to route 
>>> the data to get stuff.
>>>
>>> Can I add a rule to iptables or something to say "anything that's 
>>> come from eth1 into the local box, after processing send to eth0" 
>>> and vice-versa ?
>>>
>>> Julian.
>>> _______________________________________________
>>> Bridge mailing list
>>> Bridge at lists.osdl.org
>>> https://lists.osdl.org/mailman/listinfo/bridge
>>>   
>>
>>
>
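As an added example (not code from anyone in this thread), the script below puts the pieces discussed above into one reviewable place: an address-less br0 over eth0/eth1, a default-deny FORWARD chain that uses only --physdev-in like Melissa's smtp rule, the PREROUTING redirect to squid she suggests, and an INPUT policy that exposes the box only on a management NIC. The management interface name (eth2), squid's port (3128) and the allowed port list are assumptions, not values from the thread. By default it only prints the commands; it executes them only when called with `apply`. One caveat worth knowing before relying on the redirect: per the iptables REDIRECT documentation, REDIRECT rewrites the destination to the primary address of the incoming interface, so with br0 at 0.0.0.0 there is nothing for it to rewrite to, which matches Julian's observation that squid alone stopped working.

```shell
#!/bin/sh
# Added example (not from the thread): emit the bridge and iptables setup
# as plain commands so they can be reviewed before being run on the box.
# Interface names, the squid port and the management NIC are assumptions.

LAN_IF=${LAN_IF:-eth1}            # bridge port facing the LAN
WAN_IF=${WAN_IF:-eth0}            # bridge port facing the router
BR_IF=${BR_IF:-br0}
MGMT_IF=${MGMT_IF:-eth2}          # assumed third NIC holding the only real IP
SQUID_PORT=${SQUID_PORT:-3128}    # assumed squid http_port
ALLOWED_TCP_PORTS=${ALLOWED_TCP_PORTS:-"25 80 443"}

# Bridge creation: eth0 and eth1 are enslaved to br0, which gets no address.
bridge_cmds() {
    cat <<EOF
brctl addbr $BR_IF
brctl addif $BR_IF $WAN_IF
brctl addif $BR_IF $LAN_IF
ip link set $WAN_IF up
ip link set $LAN_IF up
ip link set $BR_IF up
EOF
}

# Host protection: the box itself answers only on loopback and the
# management NIC; nothing arriving over the bridge ports reaches it.
input_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $MGMT_IF -p tcp --dport 22 -j ACCEPT"
}

# FORWARD policy for bridged traffic: deny by default, permit replies, and
# allow only listed services that originate on the LAN port. As in the
# thread's example, only --physdev-in is matched; --physdev-out carries
# extra kernel restrictions and is not needed here.
forward_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $ALLOWED_TCP_PORTS; do
        echo "iptables -A FORWARD -m physdev --physdev-in $LAN_IF -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A FORWARD -m physdev --physdev-in $LAN_IF -p udp --dport 53 -j ACCEPT"
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'bridge-fwd-drop: '"
}

# Transparent proxy hook: the PREROUTING redirect mentioned in the reply,
# scoped to HTTP arriving on the LAN port so squid never sees router-side
# traffic, plus the INPUT exception that lets redirected clients reach it.
proxy_rules() {
    echo "iptables -t nat -A PREROUTING -m physdev --physdev-in $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    echo "iptables -A INPUT -m physdev --physdev-in $LAN_IF -p tcp --dport $SQUID_PORT -j ACCEPT"
}

all_cmds() {
    bridge_cmds
    input_rules
    forward_rules
    proxy_rules
}

# Usage: ./bridge-rules.sh        -> print the commands for review
#        ./bridge-rules.sh apply  -> execute them (needs root)
case "${1:-show}" in
    apply) all_cmds | sh -e ;;
    *)     all_cmds ;;
esac
```

Running it without arguments and reading the output is the intended first step; the FORWARD chain's final LOG rule is what tells you, from the kernel log, which LAN traffic the bridge is silently dropping once the policy is live.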

