Transparent http filtering VLAN traffic without being a member of tagged VLANs

On a bridge setup, I want to filter http traffic transparently through
Squid. br0 bridge is between eth0 and eth1.
In the bridged traffic there are some tagged VLANs.

When I run tcpdump on br0 I see all the traffic from VLANs. At this
point a DNAT (VLAN10Subnet - Any - http => Original - Localhost -
8080) does not work.

When I enabled VLANs with vconfig:
vconfig add br0 26

I see br0.26 interface in ifconfig output.

And DNAT is working. When I DNAT the traffic into port 8080 on
localhost to Squid, I see that Squid gets the traffic and logs it into
the log file. However, proxying will not happen. The reply cannot be
delivered to the original requester. We broke the connection. On the
user side, HTTP traffic is cut.

I think the problem is not having any IP on br0.26 from VLAN10Subnet,
because the whole C class is divided into subnets of 255.252 having 2
usable IP addresses, and both are used. Do you have any other idea on
identifying the problem?

If you think the problem is what I see, how can I overcome this?

Best Regards,
Oguz.