On Fri, 2007-07-06 at 09:41 +0800, Ming-Ching Tiew wrote:

> However, if there is a subnet B, which is connected to subnet A, via
> a router R, then all the machines inside subnet B will have problems
> getting the http reply packets but http request packets have no
> problem going out.

Does your proxy have a return path route for subnet B?

> Then I added a route inside the Bridge/Squid S for the subnet B via
> router R, then the web request/reply problem is solved.

Ah, you didn't.. You need routing for all sessions you intercept, or the proxy server won't know where to return traffic..

> It seems then to me that the http reply ( source port 80 ) has also been
> directed ***INTO*** the Bridge/Squid S. Why is that so ? Why didn't the
> Bridge/Squid forward the reply packet to the other side of the
> interface ?

I'd say that your ebtables rules are perhaps a bit too broad.. a packet matched by the ebtables redirect rule will be diverted from the bridge into the TCP/IP stack to be routed, NAT:ed etc..

Regards
Henrik
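The return-route requirement discussed in the message above, as an added example that is not part of the original thread: a small audit that does a longest-prefix match over the proxy's routing table and flags intercepted clients that only match the default route. The addresses, the route list format and the function names are constructed for illustration, and it assumes the default gateway is not router R.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the thread:
# subnet A = 192.0.2.0/24 (directly attached to bridge/proxy S),
# subnet B = 198.51.100.0/24 (behind router R = 192.0.2.254),
# default gateway = 192.0.2.1. Routes are (prefix, next_hop); None = on-link.
ROUTES_BEFORE = [("192.0.2.0/24", None), ("0.0.0.0/0", "192.0.2.1")]
ROUTES_AFTER = ROUTES_BEFORE + [("198.51.100.0/24", "192.0.2.254")]
CLIENTS = ["192.0.2.50", "198.51.100.7"]  # sources of intercepted requests


def return_path(routes, client_ip):
    """Longest-prefix match: the route S would use to reply to client_ip."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def audit(routes, clients):
    """Map each client lacking an explicit return route to the reason."""
    problems = {}
    for ip in clients:
        route = return_path(routes, ip)
        if route is None:
            problems[ip] = "no route"
        elif route[0] == "0.0.0.0/0":
            problems[ip] = f"default route only, via {route[1]}"
    return problems


if __name__ == "__main__":
    print("before:", audit(ROUTES_BEFORE, CLIENTS))
    print("after: ", audit(ROUTES_AFTER, CLIENTS))
```

Run against the real routing table of the intercepting host, a non-empty result lists the client subnets whose replies would not be sent toward the router that actually serves them.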