
Re: Question on transparent proxy with web server behind proxy.


On 01/25/2011 11:14 AM, Pieter De Wit wrote:
Hi Ben,

I suspect that will do the trick :)

It seems it was a tad more tricky, but this appears to be working:

/sbin/ebtables -t broute -A BROUTING -i br0 --logical-in veth2 -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
/sbin/iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -m physdev --physdev-in veth2 -j REDIRECT --to-port 3128

The 'veth2' interface is the downstream port.

Thanks,
Ben



Let us know

Cheers,

Pieter

On Tue, 25 Jan 2011, Ben Greear wrote:

On 01/25/2011 10:36 AM, Ben Greear wrote:
On 01/25/2011 10:06 AM, Pieter De Wit wrote:
Hi Ben,

On 26/01/2011 06:55, Ben Greear wrote:
On 01/25/2011 09:48 AM, Pieter De Wit wrote:
Hi Ben,

There sure is :)

Change the IP Tables rule at the bottom to something like this:

/sbin/iptables -t nat -A PREROUTING -i br0 -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 3128

Replace the 192.168 with your network. Keep in mind that you can have
multiples of these :)

In a nutshell, IP Tables was making each request (even from the outside
world) go via Squid.

Do you happen to know if it can be done based on incoming (real) port
so we don't have to care about IP addresses?

You can, but that is not guaranteed, since the source port should be
assigned at random by the OS. Keep in mind that this will be
Chrome/IE/Firefox/<insert browser here> that makes the connection.
Having re-read your suggestion, are you not referring to the ethernet
port?

I mean ethernet port/interface, something like '-i br0
--original-input-dev eth0'

If nothing comes to mind immediately, don't worry..I'll go read man
pages :)

Looks like '--physdev-in eth0'
might do the trick..we'll do some testing.

Thanks,
Ben


Thanks,
Ben




--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc http://www.candelatech.com




--
Ben Greear <greearb@xxxxxxxxxxxxxxx>
Candela Technologies Inc  http://www.candelatech.com
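
Added example, not part of the original thread or of Squid: a small Python check that reads iptables-save output and reports nat PREROUTING REDIRECT rules with no source network or --physdev-in match, which is the condition described in the thread where requests from the outside world were also sent through Squid. The sample dump is constructed, and treating a negated match as unscoped is a conservative assumption of this example.

```python
import shlex

# Constructed iptables-save dump for illustration; interface names and the
# subnet echo the thread, the dump itself is not from the posters' systems.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.0.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -m physdev --physdev-in veth2 -j REDIRECT --to-ports 3128
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -m physdev ! --physdev-in veth2 -j REDIRECT --to-ports 3128
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
"""

SCOPE_OPTS = ("-s", "--source", "--physdev-in")

def scoped(tokens):
    """True if a rule positively matches a source network or bridge ingress port."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in SCOPE_OPTS:
            # Negation appears as '! -s net' (current) or '-s ! net' (older output).
            negated = tokens[i + 1] == "!" or (i > 0 and tokens[i - 1] == "!")
            if not negated and tokens[i + 1] != "0.0.0.0/0":
                return True
    return False

def unscoped_redirects(dump):
    """Return (line_number, rule) for nat PREROUTING REDIRECTs that match every sender."""
    findings, table = [], None
    for n, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # '*nat', '*filter', ... open a table section
        elif table == "nat" and line.startswith("-A PREROUTING "):
            tokens = shlex.split(line)
            target = tokens[tokens.index("-j") + 1] if "-j" in tokens[:-1] else None
            if target == "REDIRECT" and not scoped(tokens):
                findings.append((n, line))
    return findings

if __name__ == "__main__":
    for n, rule in unscoped_redirects(SAMPLE):
        print(f"line {n}: REDIRECT applies to all senders: {rule}")
```
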


