From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jasbir Khehra
Date: Fri, 29 Dec 2006 08:52:29 +0000
Subject: Re: [LARTC] filter policy drop and allow transparent proxy
Message-Id: <4594D47D.1080709@gmail.com>
List-Id:
References: <4D411FB02758FE45915E9724339093F61A7135@intranet.scpl.local>
In-Reply-To: <4D411FB02758FE45915E9724339093F61A7135@intranet.scpl.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

William Bohannan wrote:
> Thanks for the quick response Jasbir. Tried doing as you said with no
> luck, changed dport to port 8080 on the 4th line (see below). Same as
> before if you remove line 1 the transparent proxy works.
>
>
> iptables -P INPUT DROP
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
>
> Kind Regards
>
> William

Need to do some debugging. Set default INPUT policy to ACCEPT and add
various rules in the INPUT chain (without any target action) to verify
which rules are matching. For example:

iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
iptables -A INPUT -p tcp --dport 8080 -i br0

Then check out the output of:

iptables -nvL INPUT

HTH
Jasbir

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
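The debugging approach in Jasbir's reply relies on reading the per-rule packet counters that `iptables -nvL INPUT` prints for the target-less rules. The helper below is an added example, not code from the thread: it reads that listing from stdin and reports, per rule, whether the counter is non-zero, so the rule whose match conditions actually fit the proxied traffic stands out. The chain listing is a constructed sample that assumes the three diagnostic rules above were added; the counter values in it are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which target-less diagnostic
# rules in an INPUT chain have seen traffic, from `iptables -nvL INPUT` output
# read on stdin. Prints one line per rule: "rule N HIT|miss pkts=<count> <match>".
matched_rules() {
    awk '
        /^Chain / || /^ *pkts / || NF == 0 { next }   # skip banner, column header, blank lines
        {
            n++
            pkts = $1
            # The match description starts after the source and destination
            # address columns. The target column is empty for target-less
            # rules, so columns shift; locate the two address fields by their
            # "/" (CIDR notation) instead of relying on fixed positions.
            seen = 0; start = NF + 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /\//) { seen++; if (seen == 2) { start = i + 1; break } }
            }
            desc = ""
            for (i = start; i <= NF; i++) desc = desc (desc == "" ? "" : " ") $i
            printf "rule %d %s pkts=%s %s\n", n, (pkts == "0" ? "miss" : "HIT"), pkts, desc
        }
    '
}

# Constructed sample of `iptables -nvL INPUT` after adding the three diagnostic
# rules from the reply; the counters are invented for illustration.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 1234 packets, 567K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth1 --physdev-out eth0
   42  2520            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth0 --physdev-out eth1
   42  2520            tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080'

# On a live box you would pipe the real listing instead:
#   iptables -nvL INPUT | matched_rules
printf '%s\n' "$SAMPLE_INPUT" | matched_rules
```

In the constructed sample only the second physdev rule and the plain `-i br0` rule count packets, which is the kind of result that tells you which direction/interface combination the redirected connections actually arrive on before you turn that match into an ACCEPT and set the policy back to DROP. Counters printed without `-x` may carry a K/M suffix; the helper only distinguishes zero from non-zero, so that does not affect it.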