Hello,

Many thanks for all the replies to my Bridge Transparent Proxy post. But, please let me know more about how to enable "netfilter Bridge Support" in the kernel. Can I add a line "CONFIG_BRIDGE_NETFILTER=y" in /etc/sysctl.conf?? And, in the second iptables command what is physdev and physdev-in?? Does this mean physdev = eth0 and physdev-in = eth1?? Sorry for my question. I am a newbie in iptables and don't understand very well.

My other question is, do I need to use the NAT command in iptables? As I have all public addresses, why do I have to use NAT to redirect?

Jon.

--- Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:

> Hello,
>
> Robert LeBlanc wrote:
> > You will need to look at ebtables. Bridging will bypass iptables.
>
> Bridged IPv4 packets traverse the iptables chains if the kernel was
> compiled with Netfilter bridge support (CONFIG_BRIDGE_NETFILTER=y). It
> allows finer filtering than ebtables, for instance accepting only
> outgoing HTTP/HTTPS connections and related ICMP messages in both
> directions thanks to connection tracking, e.g. :
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m physdev --physdev-in eth1 -m state --state NEW \
>     -p tcp -m multiport --dports 80,443 -j ACCEPT
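The following script is an added example and is not part of the thread above. It shows the two things the questions circle around: how to check at runtime whether bridged IPv4 frames are handed to iptables at all (CONFIG_BRIDGE_NETFILTER is a kernel build option, not a sysctl; what /etc/sysctl.conf can set is the runtime toggle net.bridge.bridge-nf-call-iptables, which on kernels from 3.18 on only appears once the br_netfilter module is loaded), and a minimal stateful FORWARD policy built from the quoted rules. `--physdev-in` matches the bridge port a frame entered on, so `eth1` as the client-side port is an assumption carried over from the quoted reply; the rule set uses only the filter table, no nat. The `BRNF_TOGGLE` and `DRY_RUN` variables and the `apply_rules` wrapper are this example's own conventions.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks whether the kernel passes
# bridged IPv4 packets to iptables and prints or applies a small stateful
# FORWARD policy for a transparent bridge. eth1 (client side) is an assumption.
set -eu

IN_IF=${IN_IF:-eth1}
# Runtime toggle written by CONFIG_BRIDGE_NETFILTER / br_netfilter. Overridable
# so the check can be exercised against a constructed file on a host without a bridge.
BRNF_TOGGLE=${BRNF_TOGGLE:-/proc/sys/net/bridge/bridge-nf-call-iptables}

# Returns 0 when bridged IPv4 traffic traverses the iptables chains: the file
# exists only when bridge netfilter is built in or loaded, and it must read 1.
bridge_nf_enabled() {
    [ -r "$BRNF_TOGGLE" ] && [ "$(cat "$BRNF_TOGGLE")" = "1" ]
}

# Emit the iptables commands: default deny on FORWARD, allow reply/related
# traffic, allow new HTTP/HTTPS connections only from the $IN_IF side, and log
# whatever falls through so dropped traffic is visible in the kernel log.
bridge_filter_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $IN_IF -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "bridge-drop: "
EOF
}

# Refuse to install rules that would never be consulted; with DRY_RUN=1 only
# print them, otherwise feed them to sh (requires root).
apply_rules() {
    if ! bridge_nf_enabled; then
        echo "bridge netfilter is not active; iptables will not see bridged traffic" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        bridge_filter_rules
    else
        bridge_filter_rules | sh -e
    fi
}

# Usage: DRY_RUN=1 sh bridge-filter.sh run   (print the rules)
#        sh bridge-filter.sh run             (apply them as root)
if [ "${1:-}" = "run" ]; then
    apply_rules
fi
```

If `bridge_nf_enabled` fails on a running bridge, try `modprobe br_netfilter` and re-check `sysctl net.bridge.bridge-nf-call-iptables`; only then is it worth loading the FORWARD rules.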