[LARTC] filter policy drop and allow transparent proxy

To:	<lartc@mailman.ds9a.nl>
Subject:	[LARTC] filter policy drop and allow transparent proxy
From:	"William Bohannan" <WBohannan@spidersat.com.gh>
Date:	Fri, 29 Dec 2006 03:21:45 +0900
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender:	lartc-bounces@mailman.ds9a.nl
Thread-index:	AccqrQfAWdNUNxyxSm2F2C/Ypqh2PQ==
Thread-topic:	filter policy drop and allow transparent proxy

Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great?  It seems a
bit strange as from reading several articles on it I thought the
following occurs.  
1st line - if it doest match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line - redirects the port 80 to 8080 and then goes to the local
process (squid) through the input filter
4th line - input filter accepts the traffic over riding the global
reject policy. 

iptables -P INPUT DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6
--ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT
--to-port 8080
iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1
--physdev-out eth0 -j ACCEPT

Any help would be most welcome.

Kind Regards
William

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] filter policy drop and allow transparent proxy, William Bohannan <= Re: [LARTC] filter policy drop and allow transparent proxy, Jasbir Khehra RE: [LARTC] filter policy drop and allow transparent proxy, William Bohannan Re: [LARTC] filter policy drop and allow transparent proxy, Jasbir Khehra RE: [LARTC] filter policy drop and allow transparent proxy, William Bohannan

Previous by Date:	[LARTC] How to add a route to a network via 2 gateways., Indunil Jayasooriya
Next by Date:	Re: [LARTC] filter policy drop and allow transparent proxy, Jasbir Khehra
Previous by Thread:	[LARTC] How to add a route to a network via 2 gateways., Indunil Jayasooriya
Next by Thread:	Re: [LARTC] filter policy drop and allow transparent proxy, Jasbir Khehra
Indexes:	[Date] [Thread] [Top] [All Lists]