Router - LinuxBridge - Backbone -- 10.0.0.0/8 , 10.20.0.0/16 test net
              |
              |
              |(eth1) --------> Management Interface 10.101.101.10

# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             0000.00900b2a6f44       no              eth16
                                                        eth17

br0       Link encap:Ethernet  HWaddr 00:90:0B:2A:6F:44
--
eth1      Link encap:Ethernet  HWaddr 00:90:0B:2C:80:A2
          inet addr:10.101.101.10  Bcast:10.101.101.255  Mask:255.255.255.0
--
eth16     Link encap:Ethernet  HWaddr 00:90:0B:2A:6F:44
--
eth17     Link encap:Ethernet  HWaddr 00:90:0B:2A:6F:45

br0 is formed with eth16 and eth17. eth16, eth17 and br0 have ifconfig "0.0.0.0 up". That is, no IP is set.

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.101.101.1    0.0.0.0         UG    0      0        0 eth1
10.101.101.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

There are lots of clients within subnets other than the 10.101.101.0 management subnet behind the backbone. My test net is 10.20.0.0/16.

I am trying to transparently cache HTTP traffic.

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.101.101.10:3128

Alternatively,

# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-source 10.20.0.0/16 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
# iptables -t nat -A PREROUTING -i br0 -p tcp -s 10.20.0.0/16 --dport 80 -j REDIRECT --to-port 3127

I see packet counters increasing in iptables stats. However, squid cannot reply back to the clients. Internet stops for clients.

Is it possible to transparently redirect traffic as such? What do you suggest to make it work?

Best Regards,

--
Oguz YILMAZ