On Wed, 2010-02-17 at 22:06 +0200, Oguz Yilmaz wrote:
> On a bridge setup, I want to filter http traffic transparently through
> Squid. br0 bridge is between eth0 and eth1.
> In the bridged traffic there are some tagged VLANs.
>
> When I run tcpdump on br0 I see all the traffic from VLANs. At this
> point a DNAT (VLAN10Subnet - Any - http => Original - Localhost -
> 8080) does not work.
>
> When enabled VLANs by vconfig:
> vconfig add br0 26
>
> I see br0.26 interface in ifconfig output.
>
> And DNAT is working. When I DNAT the traffic into port 8080 on
> localhost to Squid, I see that Squid gets the traffic and logs it into
> the log file. However, proxying will not happen. Reply can not be
> delivered to the original requester. We broke the connection. On the
> user side, HTTP traffic is cut.

Is this due to the TCP triangle problem?

http://jengelh.medozas.de/images/dnat-mistake.png

--
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 4096R/42A00942 2009-12-16
Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot