LARTC

Re: [LARTC] filter policy drop and allow transparent proxy

To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] filter policy drop and allow transparent proxy
From: Jasbir Khehra <jasbir.k@gmail.com>
Date: Fri, 29 Dec 2006 14:10:29 +0530
In-reply-to: <4D411FB02758FE45915E9724339093F61A7136@intranet.scpl.local>
William Bohannan wrote:
Thanks for the quick response, Jasbir. Tried doing as you said with no
luck; changed dport to port 8080 on the 4th line (see below). Same as
before: if you remove line 1, the transparent proxy works.


iptables -P INPUT DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT

Kind Regards

William
Need to do some debugging.
Set the default INPUT policy to ACCEPT and add various rules in the INPUT chain (without any target action) to verify which rules are matching.

for example:
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
iptables -A INPUT -p tcp --dport 8080 -i br0
Then check out the output of:
iptables -nvL INPUT
HTH
Jasbir
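The counter-based check Jasbir suggests, written out as an added example that is not from the thread: a script that installs the target-less probe rules and a small parser for the `iptables -nvL INPUT` output that reports which probes actually saw packets. Interface names (br0, eth0, eth1) and port 8080 follow William's setup; the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names (br0, eth0, eth1) and
# port 8080 follow William's setup; the sample output below is constructed.

# Step 1: open the INPUT policy and add target-less probe rules. They never
# accept or drop anything; they only count the packets that match them.
# Requires root on the bridge host; the test below does not call this.
install_probe_rules() {
    iptables -P INPUT ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
    iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
    iptables -A INPUT -p tcp --dport 8080 -i br0
}

# Step 2: read "iptables -nvxL INPUT" output on stdin (-x keeps counters
# exact, no K/M suffixes) and print one HIT/MISS line per rule.
# Assumes targets are upper-case builtins (ACCEPT, DROP, REDIRECT, ...);
# a target-less rule leaves that column empty, so awk's fields shift left.
report_hits() {
    awk '
        NR == 1 { print "POLICY " $0; next }   # Chain INPUT (policy ...)
        NR == 2 || NF == 0 { next }            # column header / blank line
        {
            first = ($3 ~ /^[A-Z]/) ? 10 : 9    # first field of the match spec
            spec = ""
            for (i = first; i <= NF; i++) spec = spec (spec == "" ? "" : " ") $i
            printf "%s %s %s\n", ($1 > 0 ? "HIT" : "MISS"), $1, spec
        }'
}

show_hits() { iptables -nvxL INPUT | report_hits; }

# Constructed sample: what the probes are expected to show after a client
# fetch through the proxy. --physdev-out applies to bridged frames in
# FORWARD/OUTPUT/POSTROUTING; a packet REDIRECTed to the local proxy is
# delivered locally, so in INPUT only the "-i br0" probe counts.
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT 57 packets, 4312 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth1 --physdev-out eth0
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth0 --physdev-out eth1
   42  2520            tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080'

printf '%s\n' "$SAMPLE_OUTPUT" | report_hits
```

On the real host, run install_probe_rules, generate a request through the proxy, then show_hits; the probe that reports HIT is the match to keep as the ACCEPT rule once the policy goes back to DROP.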