Re: [fw-wiz] Bridge with transparent proxy

To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.cybertrust.com>
Subject: Re: [fw-wiz] Bridge with transparent proxy
From: "Dale W. Carder" <dwcarder@doit.wisc.edu>
Date: Wed, 16 May 2007 10:42:21 -0500
In-reply-to: <464AFC2A.9000002@br10.com.br>
References: <464AFC2A.9000002@br10.com.br>
Reply-to: dwcarder@doit.wisc.edu, Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
User-agent: Mutt/1.5.8i

Hi Jorge,

Thus spake Jorge Augusto Senger (jorge@br10.com.br) on Wed, May 16, 2007 at 
09:42:18AM -0300:
> 
> I'm losing my mind trying to configure a bridge with transparent proxy.
> Here is the scenario, very simple:
> 
> [ INTERNET ] <--- eth0 ---> [ BRIDGE ] <--- eth1 ---> [ LAN ]
> 
> Well, the bridging functions are working fine. The traffic is passing
> through and I can filter using iptables and ebtables.
> But, I can't use -j REDIRECT to some local port. When I put a rule
> redirecting traffic on www port to local proxy port, the counters show
> packets passing through, but nothing happens.
> Wondering if it was a squid problem, I tried to redirect the traffic on
> some high port (8000) to port 22 on localhost. Nothing happened either.
> 
> About my machine:
> 
> Debian Sarge
> Kernel 2.6.18 (compiled with all bridge modules)
> Iptables 1.3.6 (patched with L7)
> 
> Rules:
> 
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
>     --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> 
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
>     -j REDIRECT --to-port 3128

You probably don't want -i br0.  br0 is a "virtual" interface on
the bridge.  (Think BVI or SVI if you are familiar with Cisco IOS)

Here's an example from a production system: 

/usr/local/sbin/brctl addbr br3670
/usr/local/sbin/brctl stp br3670 off
/usr/local/sbin/brctl addif br3670 eth1
/usr/local/sbin/brctl addif br3670 eth0

/sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT
/sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
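The bridge-plus-REDIRECT setup Dale describes, as an added example that is not part of the original thread or anyone's production config: a dry-run script that emits the rule set without `-i br0`, ties the rule to the physical LAN port with the physdev match instead (so port-80 connections arriving from the Internet side are not steered into the local proxy), checks the bridge-nf-call-iptables sysctl that lets iptables see bridged frames at all, and gives br0 an address, since REDIRECT rewrites the destination to the primary address of the interface the packet arrived on (br0 for bridged traffic) and drops the packet when that interface has none. The interface names, the 192.0.2.1/24 placeholder address and the proxy port are assumptions.

```shell
#!/bin/sh
# Added example, not Dale's or Jorge's configuration.  Prints (or, with
# "apply" as root, executes) the bridge + transparent-proxy rule set.
# Assumed names: eth0 = Internet side, eth1 = LAN side, 192.0.2.1/24 as a
# placeholder address for br0, squid listening on 3128.
set -eu

WAN=eth0
LAN=eth1
BR=br0
PROXY_PORT=3128

# iptables only sees bridged frames while this sysctl is 1 (the bridge
# module must be loaded for it to exist).  The optional path argument lets
# the check be exercised on a host without the bridge module.
bridge_nf_enabled() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# One command per line.  No "-i br0": the rule is tied to the physical LAN
# port with the physdev match, so port-80 connections arriving from the
# Internet side are not redirected into the local proxy.  br0 gets an
# address because REDIRECT rewrites the destination to the primary address
# of the arriving interface (br0 for bridged traffic) and drops the packet
# when that interface has none.
bridge_proxy_rules() {
    cat <<EOF
brctl addbr $BR
brctl stp $BR off
brctl addif $BR $LAN
brctl addif $BR $WAN
ip link set $LAN up
ip link set $WAN up
ip addr add 192.0.2.1/24 dev $BR
ip link set $BR up
iptables -t nat -A PREROUTING -m physdev --physdev-in $LAN -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
EOF
}

if [ "${1:-}" = "apply" ]; then
    modprobe bridge 2>/dev/null || true
    bridge_nf_enabled || { echo "net.bridge.bridge-nf-call-iptables is not 1" >&2; exit 1; }
    bridge_proxy_rules | sh -e
else
    bridge_proxy_rules      # dry run: review the commands first
fi
```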
