Re: bridged firewall won't DNAT HTTP to proxy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I believe you need ebtables to do any real firewalling with a bridged system, which requires a kernel patch and the ebtables package.

Thanks,

Ron DuFresne


On Wed, 21 Mar 2007, Ricardo Meechan wrote:

Hi all, hope you can help me with this little problem!


For the past couple of years we have had a Linux machine (Fedora) running as
a bridged/transparent router between our Windows servers (that have a public
IP) and the gateway router (provided by BT).

Everything has been great but I'm looking to add a little more
functionality...

I want all HTTP (port 80) traffic that is about to leave the network (entering the
bridged router) to be redirected to another server running Squid.

The problem is the routing of data.

I have tried many options but to no avail.

I added the following rule to the nat PREROUTING chain, using only one of the
servers as a source for testing:

-A PREROUTING -p tcp -s 194.72.xxx.xxx --dport 80 -j DNAT --to-destination 192.168.x.x:80

But nothing happens. I tried a 194.72 address as the destination but it also
didn't work.

Routes are all working and the servers/Squid/bridge (which has a local IP on br0)
can talk to each other OK. IPv4 forwarding is enabled.



I probably haven't been detailed enough, but if anyone has any solutions or
requires more info then I would really, really appreciate your help!


Many thanks in advance!

rico.

# uname -r
2.6.19-1.2911.6.5.fc6


[root@xxxxxxx~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
         inet6 addr: fe80::202:b3ff:feb4:6020/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:26881 errors:0 dropped:0 overruns:0 frame:0
         TX packets:10798 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:1813830 (1.7 MiB)  TX bytes:2222767 (2.1 MiB)

br0:0     Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
         inet addr:192.168.xxx.xxx  Bcast:192.168.1.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

br0:1     Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
         inet addr:194.72.xxx.xxx  Bcast:194.72.111.191  Mask:255.255.255.240
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
         inet6 addr: fe80::202:b3ff:feb4:6020/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:141519 errors:0 dropped:0 overruns:0 frame:0
         TX packets:139218 errors:0 dropped:0 overruns:0 carrier:0
         collisions:1176 txqueuelen:1000
         RX bytes:21761332 (20.7 MiB)  TX bytes:111661372 (106.4 MiB)

eth1      Link encap:Ethernet  HWaddr 00:02:B3:B4:60:21
         inet6 addr: fe80::202:b3ff:feb4:6021/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:157758 errors:0 dropped:0 overruns:0 frame:0
         TX packets:143081 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:112414496 (107.2 MiB)  TX bytes:21491683 (20.4 MiB)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:50 errors:0 dropped:0 overruns:0 frame:0
         TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:4510 (4.4 KiB)  TX bytes:4510 (4.4 KiB)

iptables:

- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGAcy0st+vzJSwZikRAhgBAJ48MJe7CStj7j/29jL5MfumsavbPACeOt0V
4to/DhoM3eRH70Y4s8ruXUQ=
=zz1N
-----END PGP SIGNATURE-----
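Added example (not from either poster): the complete recipe for transparent HTTP redirection from a Linux bridge to a Squid box on a separate host, with the two pieces the quoted rule is missing. A bridged frame only reaches the iptables nat table when bridge-nf (net.bridge.bridge-nf-call-iptables, in mainline since 2.6 and a separate br_netfilter module since 3.18) is enabled, and a DNAT'ed flow is only un-translated on the way back if Squid's reply passes through the same conntrack table, which the SNAT below guarantees. ebtables itself rewrites MAC addresses, not IP addresses, so the IP-level DNAT stays in iptables. All names and addresses are assumptions standing in for the masked values in the post: eth0 is the server-side bridge port, 194.72.0.0/28 the public server subnet, 192.168.1.1 br0's own LAN address and 192.168.1.10:3128 the Squid listener.

```shell
#!/bin/sh
# Added example, not from the original thread. Transparent redirection of
# outbound HTTP on a Linux bridge to a Squid box on a separate host.
# Assumed values (the post masks the real ones): eth0 = port facing the
# servers, 194.72.0.0/28 = public server subnet, 192.168.1.1 = br0's LAN
# address, 192.168.1.10:3128 = Squid. With DRY_RUN=1 (default) every
# command is printed instead of executed, so the rule set can be reviewed
# offline before it touches a live firewall.

LAN_IF=${LAN_IF:-eth0}
SERVER_NET=${SERVER_NET:-194.72.0.0/28}
BRIDGE_IP=${BRIDGE_IP:-192.168.1.1}
PROXY_IP=${PROXY_IP:-192.168.1.10}
PROXY_PORT=${PROXY_PORT:-3128}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Bridged frames are invisible to iptables until bridge-nf is switched on;
# DNAT that sends a frame to a different bridge port or interface also needs
# IP forwarding.
enable_bridge_netfilter() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run sysctl -w net.ipv4.ip_forward=1
}

# The NAT rules. --physdev-in restricts the DNAT to frames that entered via
# the server-side port, so traffic arriving from the router is never
# redirected. Excluding the proxy as destination avoids a loop if Squid ever
# listens on 80. The SNAT makes Squid answer to the bridge's own address
# instead of straight to the server, so the reply always passes back through
# the conntrack entry that holds the DNAT mapping and is un-translated there.
redirect_http_to_proxy() {
    run iptables -t nat -A PREROUTING -m physdev --physdev-in "$LAN_IF" \
        -p tcp -s "$SERVER_NET" ! -d "$PROXY_IP" --dport 80 \
        -j DNAT --to-destination "$PROXY_IP:$PROXY_PORT"
    run iptables -t nat -A POSTROUTING -p tcp -s "$SERVER_NET" \
        -d "$PROXY_IP" --dport "$PROXY_PORT" -j SNAT --to-source "$BRIDGE_IP"
    run iptables -A FORWARD -p tcp -d "$PROXY_IP" --dport "$PROXY_PORT" -j ACCEPT
}

# First checks for a rule that "does nothing": is bridge-nf actually on, and
# do the packet counters on the nat rules move when a server browses?
check_redirection() {
    run cat /proc/sys/net/bridge/bridge-nf-call-iptables
    run iptables -t nat -L PREROUTING -v -n --line-numbers
    run iptables -t nat -L POSTROUTING -v -n --line-numbers
}

enable_bridge_netfilter
redirect_http_to_proxy
check_redirection
```

Run it as root with DRY_RUN=0 to apply. On the Squid side the listener must be in interception mode (`http_port 3128 transparent` in Squid 2.6, renamed `intercept` in 3.1); because Squid is not on the NAT box it cannot look up the original destination address in conntrack and rebuilds the URL from the HTTP Host header, and because of the SNAT it logs the bridge's address rather than the server's as the client.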

