| To: | netfilter@lists.netfilter.org |
|---|---|
| Subject: | Re: Bridge Transparent Proxy |
| From: | Jon Tim <lcguy229@yahoo.com> |
| Date: | Tue, 22 May 2007 22:56:55 -0700 (PDT) |
| In-reply-to: | <465314F4.1060007@plouf.fr.eu.org> |
Hello,
Many thanks for all the replies to my Bridge Transparent Proxy post.
But, please let me know more about how to enable "netfilter Bridge Support" in the kernel. Can I add a line "CONFIG_BRIDGE_NETFILTER=y" in /etc/sysctl.conf??
And, in the second iptables command what is physdev and physdev-in?? Does this mean physdev = eth0 and physdev-in = eth1??
Sorry for my question. I am a newbie in iptables and don't understand very well.
My other question is, do I need to use a NAT command in iptables? As I have all public addresses, why do I have to use NAT to redirect?
Jon.
--- Pascal Hambourg <pascal.mail@plouf.fr.eu.org> wrote:
> Hello,
>
> Robert LeBlanc wrote:
> > You will need to look at ebtables. Bridging will bypass iptables.
>
> Bridged IPv4 packets traverse the iptables chains if the kernel was compiled with Netfilter bridge support (CONFIG_BRIDGE_NETFILTER=y). It allows finer filtering than ebtables, for instance accepting only outgoing HTTP/HTTPS connections and related ICMP messages in both directions thanks to connection tracking, e.g.:
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m physdev --physdev-in eth1 -m state --state NEW \
> -p tcp -m multiport --dports 80,443 -j ACCEPT
>
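The following script is an added example, not code posted by Pascal, Jon or anyone else in this thread. It pulls the rules quoted above into one reviewable ruleset for a filtering bridge and adds the runtime pieces the thread only alludes to. Assumptions, which are mine and not stated on the page: eth1 is the bridge port facing the inside (LAN) network and eth0 the port facing the uplink, the bridge is br0, the FORWARD policy is set to DROP so that only the listed traffic passes, and the kernel already has CONFIG_BRIDGE_NETFILTER built in (that is a build-time option, not a sysctl key; the runtime switch for it is the sysctl net.bridge.bridge-nf-call-iptables, which on kernels from 3.18 onward only appears once the br_netfilter module is loaded). --physdev-in names the bridge port a frame arrived on, so the rule matches connections initiated from the inside; no nat-table rule is needed for this pure filtering setup. The script only prints the commands so they can be reviewed before being piped to sh on the bridge host.

```shell
#!/bin/sh
# Added example: generate and sanity-check an iptables ruleset for a filtering bridge.
# Assumed layout: $1 = inside bridge port (eth1), $2 = uplink bridge port (eth0), bridge br0.

# Print the ruleset; nothing is executed. Pipe into sh on the bridge to apply it.
bridge_fw_rules() {
    in_if=${1:-eth1}    # bridge port facing the LAN (assumption)
    out_if=${2:-eth0}   # bridge port facing the uplink (assumption)
    cat <<EOF
# On kernels >= 3.18 the bridge-nf sysctls exist only after this module is loaded.
modprobe br_netfilter 2>/dev/null || true
# Runtime switch that lets bridged IPv4 frames traverse the iptables chains
# (needs CONFIG_BRIDGE_NETFILTER in the kernel; that option is not a sysctl).
sysctl -w net.bridge.bridge-nf-call-iptables=1
# Default deny on the forward path (assumption: nothing else should cross the bridge).
iptables -P FORWARD DROP
# Replies and related ICMP for connections already tracked, both directions.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New HTTP/HTTPS connections only if the frame entered on the inside port ($in_if)
# and leaves via the uplink port ($out_if). No nat-table rule is involved.
iptables -A FORWARD -m physdev --physdev-in $in_if --physdev-out $out_if \\
    -m state --state NEW -p tcp -m multiport --dports 80,443 -j ACCEPT
EOF
}

# Return 0 if bridge netfilter is currently enabled on this host, 1 otherwise.
bridge_nf_enabled() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Count the iptables commands in the generated ruleset (used for self-checking).
bridge_fw_rule_count() {
    bridge_fw_rules "$@" | grep -c '^iptables'
}

# Stand-alone use: print the ruleset for review, then report the current state.
bridge_fw_rules "$@"
if bridge_nf_enabled; then
    echo "# bridge-nf-call-iptables is currently 1 on this host"
else
    echo "# bridge-nf-call-iptables is not enabled (or not available) on this host"
fi
```

With the default DROP policy, anything not matched by the two ACCEPT rules is silently dropped, so a quick check after applying the rules is `iptables -vnL FORWARD` to watch the per-rule counters move while a client behind eth1 opens an HTTPS connection. On current iptables the `-m state --state` match is a thin alias for `-m conntrack --ctstate`; the rules above keep the form used in the thread.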