From: Jasbir Khehra <jasbir.k@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] filter policy drop and allow transparent proxy
Date: Thu, 28 Dec 2006 18:49:22 +0000
Message-ID: <45940EE2.1030904@gmail.com>
In-Reply-To: <4D411FB02758FE45915E9724339093F61A7135@intranet.scpl.local>

William Bohannan wrote:
> Trying to use the policy drop rule with the bridged firewall, when I
> removed the first line the transparent proxy works great? It seems a
> bit strange as from reading several articles on it I thought the
> following occurs.
> 1st line - if it doesn't match it gets dropped on the local filter input.
> 2nd line - redirects the traffic off the link layer into the network
> layer ready for line 3.
> 3rd line - redirects the port 80 to 8080 and then goes to the local
> process (squid) through the input filter
> 4th line - input filter accepts the traffic overriding the global
> reject policy.
>
> iptables -P INPUT DROP
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
>
> Any help would be most welcome.
>
> Kind Regards
> William
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>

The 4th line should look for packets on dport 8080 instead of 80.

-Jasbir
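
The port mismatch discussed above, as an added sketch that is not part of the original thread: nat PREROUTING runs before filter INPUT, so the INPUT chain sees the port already rewritten by REDIRECT. The model is a constructed simplification; it ignores the ebtables and physdev matches and assumes the packet reaches nat PREROUTING on br0, and all function and variable names are hypothetical.

```python
"""Toy model of the netfilter hook order for a redirected packet (constructed)."""


def nat_prerouting(pkt, rules):
    # nat PREROUTING is traversed before the filter table. REDIRECT rewrites
    # the destination port and makes the packet locally destined.
    for r in rules:
        if (pkt["in"], pkt["proto"], pkt["dport"]) == (r["in"], r["proto"], r["dport"]):
            return dict(pkt, dport=r["to_port"], local=True)
    return pkt


def filter_input(pkt, rules, policy):
    # First matching rule wins; the chain policy applies when nothing matches.
    for r in rules:
        if pkt["proto"] == r["proto"] and pkt["dport"] == r["dport"]:
            return r["target"]
    return policy


def verdict(pkt, nat_rules, input_rules, policy="DROP"):
    pkt = nat_prerouting(pkt, nat_rules)
    if not pkt.get("local"):
        return "NOT-LOCAL"  # would traverse FORWARD, which this model omits
    return filter_input(pkt, input_rules, policy)


# Constructed sample packet: a client HTTP request arriving on the bridge.
HTTP_REQUEST = {"in": "br0", "proto": "tcp", "dport": 80}
# Line 3 of the quoted rule set: REDIRECT port 80 to 8080.
NAT_RULES = [{"in": "br0", "proto": "tcp", "dport": 80, "to_port": 8080}]
# Line 4 as posted (dport 80) and as suggested in the reply (dport 8080).
INPUT_AS_POSTED = [{"proto": "tcp", "dport": 80, "target": "ACCEPT"}]
INPUT_AS_SUGGESTED = [{"proto": "tcp", "dport": 8080, "target": "ACCEPT"}]

if __name__ == "__main__":
    print("as posted:   ", verdict(HTTP_REQUEST, NAT_RULES, INPUT_AS_POSTED))
    print("as suggested:", verdict(HTTP_REQUEST, NAT_RULES, INPUT_AS_SUGGESTED))
```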