* Problem using transparent proxy and iptables 1.3.1 @ 2005-05-25 14:42 Rafael Vallejo 2005-05-25 17:20 ` Subnets: Make Static Route or Iptables Rules Mike 2005-05-25 20:33 ` Problem using transparent proxy and iptables 1.3.1 Ron Peterson 0 siblings, 2 replies; 6+ messages in thread From: Rafael Vallejo @ 2005-05-25 14:42 UTC (permalink / raw) To: netfilter Hello list I'm having a problem with iptables, we recently instaled version 1.3.1 on a Linux Kernel 2.6.10 This rule that used to work on former versions of iptables no longer work on 1.3.1 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128 Any ideas? ^ permalink raw reply [flat|nested] 6+ messages in thread
* Subnets: Make Static Route or Iptables Rules 2005-05-25 14:42 Problem using transparent proxy and iptables 1.3.1 Rafael Vallejo @ 2005-05-25 17:20 ` Mike 2005-05-26 12:09 ` Eduardo Spremolla 2005-05-25 20:33 ` Problem using transparent proxy and iptables 1.3.1 Ron Peterson 1 sibling, 1 reply; 6+ messages in thread From: Mike @ 2005-05-25 17:20 UTC (permalink / raw) To: netfilter I have a linux routerbox with 3 nics.: ppp0 goes to the internet service provider eth1 serves as gateway to a subnet eth2 serves as gateway to another subnet I want LAN clients from subnet eth2 to be able to access a Samba Server box located on subnet eth1 I have tried making a static route using --- route -n add <destination> <gateway> but all I get no matter what I try is: SIOCADDRT: No such device Here's my route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0 192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo 0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0 As a result of trying out a few extra iptables rules, I can now ping the eth1 gateway from the eth2 subnet clients, but I still cannot ping/reach the Samba server box on the eth1 subnet. Here's the rules I've added in hopes of making a proper path from subnet eth2 to eth1: $IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --source 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 $IPTABLES -t nat -A PREROUTING -p udp -i eth1 --source 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 and $IPTABLES -t filter -A INPUT -i eth1 --source 192.168.170.0/24 -j ACCEPT and $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT Again, to be clear, clients on subnet eth2 can ping the gateway nic (eth1), but cannot ping the samba box located on subnet eth1. If I can just ping that box, I can config Samba the rest of the way. So I'm not sure if what I need for this is to create a static route, or whether iptables rules are all I need. Thank you for your time and patience in reading this post. Regards, Mike ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Subnets: Make Static Route or Iptables Rules 2005-05-25 17:20 ` Subnets: Make Static Route or Iptables Rules Mike @ 2005-05-26 12:09 ` Eduardo Spremolla 2005-05-26 16:25 ` Mike 0 siblings, 1 reply; 6+ messages in thread From: Eduardo Spremolla @ 2005-05-26 12:09 UTC (permalink / raw) To: Mike; +Cc: netfilter You need to allow forwarding in both directions: $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.169.0/24 -j ACCEPT $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.170.0/24 -j ACCEPT The prerouting Dnat is not required, be sure not to nat eth1 to eth2 traffic. LALO On Wed, 2005-05-25 at 13:20 -0400, Mike wrote: > I have a linux routerbox with 3 nics.: > > ppp0 goes to the internet service provider > eth1 serves as gateway to a subnet > eth2 serves as gateway to another subnet > > I want LAN clients from subnet eth2 to be able to access a Samba > Server box located on subnet eth1 > > I have tried making a static route using --- route -n add > <destination> <gateway> but all I get no matter what I try is: > SIOCADDRT: No such device > > Here's my route -n > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0 > 192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > 192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo > 0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0 > > As a result of trying out a few extra iptables rules, I can now ping > the eth1 gateway from the eth2 subnet clients, but I still cannot > ping/reach the Samba server box on the eth1 subnet. > > Here's the rules I've added in hopes of making a proper path from > subnet eth2 to eth1: > > $IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --source > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > $IPTABLES -t nat -A PREROUTING -p udp -i eth1 --source > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > > and > > $IPTABLES -t filter -A INPUT -i eth1 --source 192.168.170.0/24 -j ACCEPT > > and > > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT > > Again, to be clear, clients on subnet eth2 can ping the gateway nic > (eth1), but cannot ping the samba box located on subnet eth1. > > If I can just ping that box, I can config Samba the rest of the way. > > So I'm not sure if what I need for this is to create a static route, > or whether iptables rules are all I need. > > Thank you for your time and patience in reading this post. > > Regards, > > Mike > Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. . . . . . . . . . This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Subnets: Make Static Route or Iptables Rules 2005-05-26 12:09 ` Eduardo Spremolla @ 2005-05-26 16:25 ` Mike [not found] ` <1117133286.4318.5.camel@fly.in.iantel.com.uy> 0 siblings, 1 reply; 6+ messages in thread From: Mike @ 2005-05-26 16:25 UTC (permalink / raw) To: Eduardo Spremolla; +Cc: netfilter Eduardo, Thank you for the reply. I'm wondering if your example should be reversed like this: $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.169.0/24 -j ACCEPT $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT Hmm, I've tried both ways, and something is still wrong. I can ping 192.168.170.5 ---> 192.168.169.1 But I cannot ping 192.168.170.5 ---> 192.168.169.2 (the Samba box, iptables off so no firewall issues). This is very strange. Please reply if you have a moment; I can post my whole iptables setup from the routerbox if that is helpful. Best regards, Mike On 5/26/05, Eduardo Spremolla <edspremolla@antel.com.uy> wrote: > You need to allow forwarding in both directions: > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.169.0/24 -j > ACCEPT > $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.170.0/24 -j > ACCEPT > > The prerouting Dnat is not required, be sure not to nat eth1 to eth2 > traffic. > > LALO > > On Wed, 2005-05-25 at 13:20 -0400, Mike wrote: > > I have a linux routerbox with 3 nics.: > > > > ppp0 goes to the internet service provider > > eth1 serves as gateway to a subnet > > eth2 serves as gateway to another subnet > > > > I want LAN clients from subnet eth2 to be able to access a Samba > > Server box located on subnet eth1 > > > > I have tried making a static route using --- route -n add > > <destination> <gateway> but all I get no matter what I try is: > > SIOCADDRT: No such device > > > > Here's my route -n > > > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > 64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0 > > 192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > > 192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo > > 0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0 > > > > As a result of trying out a few extra iptables rules, I can now ping > > the eth1 gateway from the eth2 subnet clients, but I still cannot > > ping/reach the Samba server box on the eth1 subnet. > > > > Here's the rules I've added in hopes of making a proper path from > > subnet eth2 to eth1: > > > > $IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --source > > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > > $IPTABLES -t nat -A PREROUTING -p udp -i eth1 --source > > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > > > > and > > > > $IPTABLES -t filter -A INPUT -i eth1 --source 192.168.170.0/24 -j ACCEPT > > > > and > > > > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT > > > > Again, to be clear, clients on subnet eth2 can ping the gateway nic > > (eth1), but cannot ping the samba box located on subnet eth1. > > > > If I can just ping that box, I can config Samba the rest of the way. > > > > So I'm not sure if what I need for this is to create a static route, > > or whether iptables rules are all I need. > > > > Thank you for your time and patience in reading this post. > > > > Regards, > > > > Mike > > > > > Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. > . . . . . . . . . > This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy. > ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <1117133286.4318.5.camel@fly.in.iantel.com.uy>]
* Re: Subnets: Make Static Route or Iptables Rules [not found] ` <1117133286.4318.5.camel@fly.in.iantel.com.uy> @ 2005-05-26 19:38 ` Mike 0 siblings, 0 replies; 6+ messages in thread From: Mike @ 2005-05-26 19:38 UTC (permalink / raw) To: Eduardo Spremolla; +Cc: netfilter but the traffic coming in from eth2 to eth1 will have a source range of 192.168.170.x yes/no? Here's the routerbox firewall rules: echo " Flushing any pre-existing rules and setting default policy." $IPTABLES -t filter -F $IPTABLES -t nat -F $IPTABLES -t mangle -F echo " Setting Filter/Nat/Mangle Policies." $IPTABLES -t filter -P INPUT DROP $IPTABLES -t filter -P OUTPUT DROP $IPTABLES -t filter -P FORWARD DROP $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t mangle -P INPUT ACCEPT $IPTABLES -t mangle -P OUTPUT ACCEPT $IPTABLES -t mangle -P FORWARD ACCEPT $IPTABLES -t mangle -P PREROUTING ACCEPT $IPTABLES -t mangle -P POSTROUTING ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp --dport 6346 -i ppp0 -j DNAT --to-destination 192.168.170.5 $IPTABLES -t nat -A PREROUTING -p udp --dport 6346 -i ppp0 -j DNAT --to-destination 192.168.170.5 echo " Filter Input Rules." $IPTABLES -t filter -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t filter -A INPUT -i ppp0 -m state --state INVALID -j DROP $IPTABLES -t filter -A INPUT -i lo -j ACCEPT $IPTABLES -t filter -A INPUT -i eth1 -j ACCEPT $IPTABLES -t filter -A INPUT -i eth2 -j ACCEPT echo " Filter Output Rules." $IPTABLES -t filter -A OUTPUT -o ppp0 -j ACCEPT $IPTABLES -t filter -A OUTPUT -o ppp0 -m state --state INVALID -j DROP $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT $IPTABLES -t filter -A OUTPUT -o eth1 -j ACCEPT $IPTABLES -t filter -A OUTPUT -o eth2 -j ACCEPT echo " Filter Forward Rules." $IPTABLES -t filter -A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t filter -A FORWARD -i ppp0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -t filter -A FORWARD -i ppp0 -o eth1 -m state --state INVALID -j DROP $IPTABLES -t filter -A FORWARD -i ppp0 -o eth2 -m state --state INVALID -j DROP $IPTABLES -t filter -A FORWARD -i eth1 -o ppp0 -j ACCEPT $IPTABLES -t filter -A FORWARD -i eth2 -o ppp0 -j ACCEPT $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.169.0/24 -j ACCEPT #$IPTABLES -t filter -A FORWARD -o eth1 --source 192.168.170.0/24 -j ACCEPT #$IPTABLES -t filter -A FORWARD -o eth2 --source 192.168.170.0/24 -j ACCEPT echo " Enable SNAT MASQUERADE to Internet." $IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE echo " Now Go Ahead And Enable IP Forwarding." echo "1" > /proc/sys/net/ipv4/ip_forward On 5/26/05, Eduardo Spremolla <edspremolla@antel.com.uy> wrote: > According to your routing table: > > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > 64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0 > 192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > 192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo > 0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0 > > the 170 subnet is atachet to eth2 and 169 onae to eth1. > > so $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.169.0/24 -j ACCEPT > > means accept traffic coming in from eth2 with source address in 192.168.169.x range. > > Are you sure not other firewall rule is dropping your pings. > > Go ahead and post the whole iptables-save output. > > LALO > > > On Thu, 2005-05-26 at 12:25 -0400, Mike wrote: > > Eduardo, > > > > Thank you for the reply. > > I'm wondering if your example should be reversed like this: > > > > $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.169.0/24 -j ACCEPT > > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT > > > > Hmm, I've tried both ways, and something is still wrong. > > I can ping 192.168.170.5 ---> 192.168.169.1 > > But I cannot ping 192.168.170.5 ---> 192.168.169.2 (the Samba box, > > iptables off so no firewall issues). > > > > This is very strange. > > > > Please reply if you have a moment; I can post my whole iptables setup > > from the routerbox if that is helpful. > > > > Best regards, > > > > Mike > > > > On 5/26/05, Eduardo Spremolla <edspremolla@antel.com.uy> wrote: > > > You need to allow forwarding in both directions: > > > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.169.0/24 -j > > > ACCEPT > > > $IPTABLES -t filter -A FORWARD -i eth2 --source 192.168.170.0/24 -j > > > ACCEPT > > > > > > The prerouting Dnat is not required, be sure not to nat eth1 to eth2 > > > traffic. > > > > > > LALO > > > > > > On Wed, 2005-05-25 at 13:20 -0400, Mike wrote: > > > > I have a linux routerbox with 3 nics.: > > > > > > > > ppp0 goes to the internet service provider > > > > eth1 serves as gateway to a subnet > > > > eth2 serves as gateway to another subnet > > > > > > > > I want LAN clients from subnet eth2 to be able to access a Samba > > > > Server box located on subnet eth1 > > > > > > > > I have tried making a static route using --- route -n add > > > > <destination> <gateway> but all I get no matter what I try is: > > > > SIOCADDRT: No such device > > > > > > > > Here's my route -n > > > > > > > > Kernel IP routing table > > > > Destination Gateway Genmask Flags Metric Ref Use Iface > > > > 204.60.4.34 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 > > > > 64.204.68.128 0.0.0.0 255.255.255.248 U 0 0 0 eth0 > > > > 192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 > > > > 192.168.169.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > > > 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo > > > > 0.0.0.0 204.60.4.34 0.0.0.0 UG 0 0 0 ppp0 > > > > > > > > As a result of trying out a few extra iptables rules, I can now ping > > > > the eth1 gateway from the eth2 subnet clients, but I still cannot > > > > ping/reach the Samba server box on the eth1 subnet. > > > > > > > > Here's the rules I've added in hopes of making a proper path from > > > > subnet eth2 to eth1: > > > > > > > > $IPTABLES -t nat -A PREROUTING -p tcp -i eth1 --source > > > > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > > > > $IPTABLES -t nat -A PREROUTING -p udp -i eth1 --source > > > > 192.168.170.0/24 -j DNAT --to-destination 192.168.169.2 > > > > > > > > and > > > > > > > > $IPTABLES -t filter -A INPUT -i eth1 --source 192.168.170.0/24 -j ACCEPT > > > > > > > > and > > > > > > > > $IPTABLES -t filter -A FORWARD -i eth1 --source 192.168.170.0/24 -j ACCEPT > > > > > > > > Again, to be clear, clients on subnet eth2 can ping the gateway nic > > > > (eth1), but cannot ping the samba box located on subnet eth1. > > > > > > > > If I can just ping that box, I can config Samba the rest of the way. > > > > > > > > So I'm not sure if what I need for this is to create a static route, > > > > or whether iptables rules are all I need. > > > > > > > > Thank you for your time and patience in reading this post. > > > > > > > > Regards, > > > > > > > > Mike > > > > > > > > > > > > > Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. > > > . . . . . . . . . > > > This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy. > > > > > > Este e-mail y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. > . . . . . . . . . > This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender inmediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that not is the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy. > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Problem using transparent proxy and iptables 1.3.1 2005-05-25 14:42 Problem using transparent proxy and iptables 1.3.1 Rafael Vallejo 2005-05-25 17:20 ` Subnets: Make Static Route or Iptables Rules Mike @ 2005-05-25 20:33 ` Ron Peterson 1 sibling, 0 replies; 6+ messages in thread From: Ron Peterson @ 2005-05-25 20:33 UTC (permalink / raw) To: Rafael Vallejo; +Cc: netfilter On Wed, May 25, 2005 at 09:42:27AM -0500, Rafael Vallejo wrote: > I'm having a problem with iptables, we recently instaled version 1.3.1 > on a Linux Kernel 2.6.10 > > This rule that used to work on former versions of iptables no longer > work on 1.3.1 > > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT > --to-ports 3128 I was bitten by something similar a few months ago trying to block dhcp through a transparent bridge (I needed to use a different dhcp server on one side). I used ebtables instead to fix my problem. I was just doing allow/deny stuff though. Ebtables has a redirect option also, but it pertains to mac addresses. Maybe you could do something with marking, to make ebtables work in conjunction with iptables?? -- Ron Peterson Network & Systems Manager Mount Holyoke College http://www.mtholyoke.edu/~rpeterso ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-05-26 19:38 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-05-25 14:42 Problem using transparent proxy and iptables 1.3.1 Rafael Vallejo
2005-05-25 17:20 ` Subnets: Make Static Route or Iptables Rules Mike
2005-05-26 12:09 ` Eduardo Spremolla
2005-05-26 16:25 ` Mike
[not found] ` <1117133286.4318.5.camel@fly.in.iantel.com.uy>
2005-05-26 19:38 ` Mike
2005-05-25 20:33 ` Problem using transparent proxy and iptables 1.3.1 Ron Peterson
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.