2009/10/7 Brian Austin - Standard Universal <brian@xxxxxxxxxxxxxxxxxxxxxxxx>:
> you could list your rules to prove that they look ok.
>
> iptables -t nat --list -V
>
I've tried changing br-lan to br0 and enclosing it in quotes but neither work.
Here is the output from the above
# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 4 packets, 532 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- br0 any anywhere
anywhere tcp dpt:80 redir ports 3128
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
And again, testing DROPing instead
# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 4 packets, 532 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- br0 any anywhere
anywhere tcp dpt:80
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
With both these rules in place I've ran tcpdump and watched traffic go
over br0 on port 80.
What does the 4 packets and 532 bytes mean? That doesn't seem to be
increasing as I do anything and isn't reset when I do a flush.
Robin
>
>
> Rakotomandimby Mihamina wrote:
>>
>> 10/07/2009 02:44 PM, Robin Wood::
>>>
>>> br-lan
>>> What am I doing wrong?
>>
>> IMHO, the "-" in br-lan is wrong.
>> escape/protect it with "br-lan" or something like that.
>>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
