Re: [squid-users] transparent tproxy: routing issue or my own problem ?

From: Ming-Ching Tiew <[email protected]>
Date: Fri, 6 Jul 2007 11:07:33 +0800

From: "Ming-Ching Tiew" <mingching.tiew@redtone.com>
>
> I am using squid in a Linux box setting up as a bridge, and have
> set up ebtables and iptables following the documentation
> available on the Net :-
>
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
> --ip-destination-port 80 -j redirect --redirect-target ACCEPT
>
> iptables -t tproxy -A PREROUTING -i br0 -p tcp --dport 80 \
> -j TPROXY --on-port 80
>
>
> On a brief glance it seems it's working properly but upon detail
> investigation,
> there are some issues.
> ....
> I am looking for something more transparent. Any insight is much
> appreciated.

I think I fixed the issue by changing the ebtables rule to :-

ebtables -t broute -A BROUTING --logical-in br0 -p IPv4 --ip-protocol 6 \
   --ip-destination-port 80 -j redirect --redirect-target DROP

Note that subtle changes. With that I don't need to add routes and other
shits.
I would appreciate feedback from others to see if this is a better rule than
the original one.

Regards.
Received on Mon Jul 09 2007 - 00:07:49 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT