I don't think so, because I track tcpdump data and see no replies are sent.

To clarify the topology:

br0: 91.90.90.60
eth0: noIP
eth1: noIP
eth2: 10.0.0.1
Default Gw: 91.90.90.1

On Wed, Feb 17, 2010 at 10:11 PM, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
> On Wed, 2010-02-17 at 22:06 +0200, Oguz Yilmaz wrote:
>> On a bridge setup, I want to filter http traffic transparently through
>> Squid. br0 bridge is between eth0 and eth1.
>> In the bridged traffic there are some tagged VLANs.
>>
>> When I run tcpdump on br0 I see all the traffic from VLANs. At this
>> point a DNAT (VLAN10Subnet - Any - http => Original - Localhost -
>> 8080) does not work.
>>
>> When I enable VLANs with vconfig:
>> vconfig add br0 26
>>
>> I see the br0.26 interface in the ifconfig output.
>>
>> And DNAT is working. When I DNAT the traffic into port 8080 on
>> localhost to Squid, I see that Squid gets the traffic and logs it into
>> the log file. However, proxying will not happen. The reply cannot be
>> delivered to the original requester. We broke the connection. On the
>> user side, HTTP traffic is cut.
>
> Is this due to the TCP triangle problem?
>
> http://jengelh.medozas.de/images/dnat-mistake.png
>
>
> --
> Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
> University of Minnesota Duluth
> Information Technology Systems & Services
> PGP key 4096R/42A00942 2009-12-16
> Fingerprint: 5814 2CCE 2383 2991 83FF C899 07E2 BFA8 42A0 0942
>
> He is not a fool who gives up what he cannot keep to gain what he cannot
> lose.
> -Jim Elliot
>