From: "Henrik Nordstrom" <henrik@xxxxxxxxxxxxxxxxxxx>
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
>     -i eth0 --ip-source your.lan.network/mask \
>     --ip-destination-port 80 -j redirect --redirect-target ACCEPT

If you look at http://ebtables.sourceforge.net/examples.html#easy, it says that when redirecting on ethX it should be DROP instead of ACCEPT, while when doing it on brX it should be ACCEPT. I am no ebtables expert, correct me if I am wrong. :-)

> If you are to use TPROXY then I'd recommend using the bridge-netfilter
> integration instead of ebtables.

I lost you, what do you mean by bridge-netfilter integration? Any URL?

> This because TPROXY needs to intercept
> the return traffic as well, not just lan->internet traffic. It's
> possible to add ebtables rules for this by doing rules inverse to the
> above.
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
>     --ip-destination your.lan.network/mask \
>     --ip-source-port 80 -j redirect --redirect-target ACCEPT
>

Hmmm, interesting. I do not have this rule in my system and I am able to surf the NET via the bridge/squid (if I set up proper routing). Now you make me wonder if I have set it up correctly. It seems to me that the internet-->lan traffic is already heading into the bridge, so there is no need to hijack it again. Am I missing something?

Regards.