Re: [squid-users] transparent tproxy: routing issue or my own problem ?

From: Ming-Ching Tiew <mingching.tiew@dont-contact.us>
Date: Tue, 10 Jul 2007 00:14:02 +0800

From: "Henrik Nordstrom" <henrik@henriknordstrom.net>

>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
> -i eth0 --ip-source your.lan.network/mask \
> --ip-destination-port 80 -j redirect --redirect-target ACCEPT

If you look at http://ebtables.sourceforge.net/examples.html#easy,
it says that when redirecting on ethX it should be DROP instead of ACCEPT,
while when doing it on brX it should be ACCEPT. I am no ebtables
expert, correct me if I am wrong. :-)

> If you are to use TPROXY then I'd recommend using the bridge-netfilter
> integration instead of ebtables.

I lost you, what do you mean by bridge-netfilter integration? Any URL?

> This because TPROXY needs to intercept
> the return traffic as well, not just lan->internet traffic. It's
> possible to add ebtables rules for this by doing rules inverse to the
> above.
>
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
> --ip-destination your.lan.network/mask \
> --ip-source-port 80 -j redirect --redirect-target ACCEPT
>

Hmmm, interesting. I do not have this rule in my system and I am
able to surf the NET via the bridge/squid (if I set up proper routing).
Now you make me wonder if I have set it up correctly. It seems to
me that the internet-->lan traffic is already heading into the bridge,
so there is no need to hijack it again. Am I missing something?

Regards.
Received on Mon Jul 09 2007 - 14:06:57 MDT
