On Fri 2007-07-06 at 09:41 +0800, Ming-Ching Tiew wrote:
> However, if there is a subnet B, which is connected to subnet A via
> a router R, then all the machines inside subnet B will have problems
> getting the http reply packets, but http request packets have no
> problem going out.
Does your proxy have a return path route for subnet B?
> Then I added a route inside the Bridge/Squid S for the subnet B via
> router R, then the web request/reply problem is solved.
Ah, you didn't.. You need routing for all sessions you intercept, or the
proxy server won't know where to return traffic..
> It seems then to me that the http reply ( source port 80 ) has also been
> directed ***INTO*** the Bridge/Squid S. Why is that so ? Why didn't the
> Bridge/Squid forward the reply packet to the other side of the
> interface ?
I'd say that your ebtables rules are perhaps a bit too broad..
A packet matched by the ebtables redirect rule will be diverted from the
bridge into the TCP/IP stack to be routed, NAT:ed etc..
Regards
Henrik
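
A small model of the two points in the reply above, added here as an illustration and not part of the original thread: which frames a redirect rule diverts into the IP stack, and whether the proxy host S can route its answer back to the client. All addresses, the "broad" and "narrow" rule shapes, and the absence of a default route on S are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addressing: subnet A is bridged by S, subnet B sits behind router R.
ROUTER_R = "192.0.2.254"
ROUTES_BEFORE = {"192.0.2.0/24": "direct"}                      # S only knows subnet A
ROUTES_AFTER = {**ROUTES_BEFORE, "198.51.100.0/24": ROUTER_R}   # route to B via R added

def diverted(pkt, rule):
    """True if the redirect rule pulls the frame off the bridge into the IP stack."""
    if rule == "broad":       # assumed rule: TCP port 80 in either direction
        return 80 in (pkt.sport, pkt.dport)
    if rule == "narrow":      # assumed rule: client requests only
        return pkt.dport == 80
    raise ValueError(rule)

def next_hop(dst, routes):
    """Longest-prefix match; None means the stack has nowhere to send the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def proxy_reply_path(request, rule, routes):
    """Where the proxy's answer to an intercepted request is sent."""
    if not diverted(request, rule):
        return "bridged"      # never reached the proxy; the frame just crosses the bridge
    # The proxy answers the client itself, so S must have a route to the client.
    hop = next_hop(request.src, routes)
    return f"via {hop}" if hop else "no route"

if __name__ == "__main__":
    req_b = Packet("198.51.100.7", 40000, "203.0.113.10", 80)   # client in subnet B
    reply = Packet("203.0.113.10", 80, "198.51.100.7", 40000)   # server-side reply
    print("before route:", proxy_reply_path(req_b, "narrow", ROUTES_BEFORE))
    print("after route: ", proxy_reply_path(req_b, "narrow", ROUTES_AFTER))
    print("reply diverted by broad rule: ", diverted(reply, "broad"))
    print("reply diverted by narrow rule:", diverted(reply, "narrow"))
```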
This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT