On 25/09/2013 5:37 a.m., psd17j-jacob wrote:
Hey guys, Thanks for all the suggestions and feedback. I really appreciate your time. I'd like to stick to (attempting) to use DG because I've already come so far. It just seems to be this little bridge issue. I followed the link and added the following lines:

ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i eth0 -p ipv6 --ip6-proto tcp --ip6-sport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

Unfortunately that did not help. Do you have any other suggestions as to what may help? The current rules are:

ebtables:
:BROUTING ACCEPT
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 443 -j redirect
Try removing these top ones. They overlap and likely clash with the rest.
-A BROUTING -p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv6 -i eth0 --ip6-proto tcp --ip6-sport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv4 -i eth0 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
Double-check those interface names.
iptables:
:OUTPUT ACCEPT [3:228]
-A PREROUTING -i br0.9 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i br0.9 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
I think you can drop the interface names here. The routing rules never get to see any bridged packets, so only the ones which the ebtables rules DROP will ever get here. "br0.9" looks like an alias to me, and aliases do not actually exist outside of ifconfig's display, so removing that will likely produce a rule that matches the real interface on packets.
-A PREROUTING -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
Amos
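The ruleset the thread arrives at (per-interface broute rules only, and nat REDIRECT rules without an interface match), assembled as an added example. This is not code from the thread, from Squid or from DansGuardian; the interface roles (eth1 client side, eth0 upstream side), the proxy port 8080 and the sample rule dump are assumptions taken from the quoted rules. It runs in dry-run mode by default and only prints the commands; set DRYRUN=0 on a bridge host with root to apply them.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the ebtables/iptables rules for a
# transparent bridge that hands web traffic to a local proxy.
# Assumed (hypothetical) layout: eth1 faces the clients, eth0 faces the
# upstream router, the proxy listens on 8080 on the bridge host itself.
DRYRUN="${DRYRUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRYRUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# BROUTING rules. In this chain "DROP" does not discard the frame: it takes
# the frame out of the bridge and hands it to the IP stack, so it can reach
# the nat table. Every rule carries -i, so none of them is a catch-all that
# overlaps the others. (IPv6 variants would use -p ipv6 --ip6-proto/--ip6-dport.)
bridge_rules() {
    client_if="$1"
    upstream_if="$2"
    for port in 80 443; do
        # client -> server requests arriving on the client side
        run ebtables -t broute -A BROUTING -i "$client_if" -p ipv4 \
            --ip-proto tcp --ip-dport "$port" -j redirect --redirect-target DROP
        # server -> client replies arriving on the upstream side
        run ebtables -t broute -A BROUTING -i "$upstream_if" -p ipv4 \
            --ip-proto tcp --ip-sport "$port" -j redirect --redirect-target DROP
    done
}

# nat rules. Only frames routed by the BROUTING rules above get here, so no
# -i match is needed (and none on a "br0.9" style name that iptables may not
# match).
nat_rules() {
    proxy_port="$1"
    for port in 80 443; do
        run iptables -t nat -A PREROUTING -p tcp --dport "$port" \
            -j REDIRECT --to-ports "$proxy_port"
    done
}

# Check for the clash described in the thread: BROUTING rules without an
# interface match sit above the per-interface ones and shadow them.
# Reads ebtables-save style text on stdin, prints the offending rules.
find_catchall_broute() {
    grep -- '-A BROUTING' | grep -v -- ' -i '
}

# Constructed sample dump (modelled on the quoted rules) for the check above.
SAMPLE_BROUTE=':BROUTING ACCEPT
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 443 -j redirect
-A BROUTING -p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP'

echo "# catch-all BROUTING rules to remove:"
printf '%s\n' "$SAMPLE_BROUTE" | find_catchall_broute
echo "# rules to apply:"
bridge_rules eth1 eth0
nat_rules 8080
```

On a live system replace the constructed dump with `ebtables -t broute -L --Lx` (or the output of `ebtables-save`) piped into find_catchall_broute, then flush the broute table before applying the per-interface set so the old catch-all rules are not left in front of it.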