From: Radu Oprisan <radu@securesystems.ro>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] linux transparent bridge running squid
Date: Sat, 22 Jul 2006 21:04:34 +0000
Message-ID: <44C292E2.9070205@securesystems.ro>
In-Reply-To: <20060721183200.66A5F3FB6@outpost.ds9a.nl>

Luciano Ruete wrote:
> On Friday 21 July 2006 15:31, William Bohannan wrote:
>> Hi I have been using Shorewall for a while now and find it very useful and
>> easy to configure, I am learning iptables and having trouble getting the
>> bridge to successfully work with squid, although I get it working with
>> Shorewall straight away? Does anyone know the rules to successfully use
>> squid with a transparent bridge?
>>
>> Internet – router - (bridge eth0 – eth1) – local lan
>>
>> auto lo
>> iface lo inet loopback
>>
>> auto br0
>> iface br0 inet static
>> address 192.168.0.253
>> netmask 255.255.255.0
>> network 192.168.0.0
>> broadcast 192.168.0.255
>> gateway 192.168.0.254
>> pre-up /sbin/ip link set eth0 up
>> pre-up /sbin/ip link set eth1 up
>> pre-up /usr/sbin/brctl addbr br0
>> pre-up /usr/sbin/brctl addif br0 eth0
>> pre-up /usr/sbin/brctl addif br0 eth1
>>
>> iptables -A INPUT -i br0 -p tcp -d 192.168.0.253 -s 192.168.0.0 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
>> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> You are at Link layer in the bridge, packets don't travel up to Network layer,
> so iptables does not even see these packets.
> Either you can use ebtables[1] or see 'physdev' in iptables man page.
>
> [1]http://ebtables.sourceforge.net/

Also, I need to point this out: be very careful not to include the
squid machine in the ebtables redirect, as that could end up in an
endless loop.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
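
The ebtables redirect and the proxy exclusion discussed in this message, as an added example that is not part of the original thread. It assumes the quoted layout (eth1 facing the LAN, Squid on the br0 address 192.168.0.253, port 3128); the function names are hypothetical, and the script only prints rules for review.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses follow
# the quoted config and are assumptions about that network.

# Print the rule set for a Squid listening on the bridge itself.
# Dry run by design: review the output, then pipe it to "sh" as root.
bridge_proxy_rules() {
    lan_if=$1 proxy_ip=$2 proxy_port=$3
    # Link layer: take HTTP frames arriving on the LAN port and hand them
    # to the bridge's own IP stack. Frames sourced from the proxy are skipped.
    echo "ebtables -t broute -A BROUTING -i $lan_if -p IPv4 --ip-protocol 6" \
         "--ip-source ! $proxy_ip --ip-destination-port 80" \
         "-j redirect --redirect-target ACCEPT"
    # Network layer: now that the IP stack sees the packet, send it to Squid.
    echo "iptables -t nat -A PREROUTING -i br0 -p tcp ! -s $proxy_ip" \
         "--dport 80 -j REDIRECT --to-port $proxy_port"
}

# Return 0 only if every redirect rule read from stdin excludes the proxy.
# A redirect that also matches the proxy's own fetches is the loop case.
redirects_exclude_proxy() {
    proxy_ip=$1 bad=0
    while IFS= read -r rule; do
        case $rule in
            *"-j redirect"*|*"-j REDIRECT"*)
                case $rule in
                    *"! $proxy_ip"*|*"! -s $proxy_ip"*) ;;
                    *) echo "no proxy exclusion: $rule" >&2; bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

bridge_proxy_rules "${LAN_IF:-eth1}" "${PROXY_IP:-192.168.0.253}" "${PROXY_PORT:-3128}"
```

When Squid runs on the bridge host its own requests are locally generated and never enter BROUTING or PREROUTING, so the exclusion matters most when the proxy sits on a separate machine behind the bridge.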