On Fri 2007-07-06 at 11:07 +0800, Ming-Ching Tiew wrote:

> I think I fixed the issue by changing the ebtables rule to :-
>
> ebtables -t broute -A BROUTING --logical-in br0 -p IPv4 --ip-protocol 6 \
>     --ip-destination-port 80 -j redirect --redirect-target DROP

Should be

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
    -i eth0 --ip-source your.lan.network/mask \
    --ip-destination-port 80 -j redirect --redirect-target ACCEPT

with eth0 being the interface connected to your LAN, and your.lan.network/mask the IP network used on your LAN.

Do NOT redirect networks for which you do not have routing configured; doing so will not work.

If you are to use TPROXY then I'd recommend using the bridge-netfilter integration instead of ebtables. This is because TPROXY needs to intercept the return traffic as well, not just lan->internet traffic. It's possible to add ebtables rules for this by doing rules inverse to the above.

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
    --ip-destination your.lan.network/mask \
    --ip-source-port 80 -j redirect --redirect-target ACCEPT

Regards
Henrik