Hello,
I am using 2.4.14 with bridge-nf-0.0.3 acting as a transparent firewall
between my network and our upstream. I have set up inside my local network
a box with squid configured in transparent proxy mode. However, I haven't been
able to figure out the appropriate iptables rules needed in the bridge box.
The transparent proxy minihowto seems to assume that the iptables box
has an IP address, which is not the case in my setup. I have 2 NICs
doing bridging & firewalling and that's all.
The minihowto proposes the following commands:

    iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
    iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
    iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
Substituting eth0 with the name of the bridge interface forwards the
packets to the squid box. However, without the appropriate POSTROUTING
command the squid box tries to communicate directly with the client,
which of course responds to it with RST packets since it expected a
response from the site it tried to browse.
If I understand correctly, the howto's concept is to make the requests look
like they originate from the firewall and then forward them to the squid.
Is there anything we can do if the firewall is to be transparent to all,
even to the squid box?
Kind regards
Dimitris
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
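The three minihowto rules assembled for the bridge case, as an added example that is not part of the original post or of the minihowto. The bridge name br0, the 192.0.2.x addresses and the dry-run default for IPT (the script only prints the commands unless IPT is pointed at a real iptables) are assumptions; the function refuses to emit anything when no firewall address is given, because the SNAT step has nothing to map to in that case, which is exactly the situation the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): emit the transparent-proxy
# ruleset from the minihowto with the bridge interface in place of eth0.
# IPT defaults to a dry run that only prints; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# transparent_proxy_rules BRIDGE SQUID_IP SQUID_PORT LOCAL_NET FIREWALL_IP
transparent_proxy_rules() {
    br="$1"; squid="$2"; port="$3"; lan="$4"; fw="$5"
    # SNAT needs an address on the firewall; without one the squid box
    # would reply straight to the client, which answers with RSTs.
    if [ -z "$fw" ]; then
        echo "transparent_proxy_rules: firewall address required for SNAT" >&2
        return 1
    fi
    # 1. Redirect client port-80 traffic (but not squid's own) to the proxy.
    $IPT -t nat -A PREROUTING -i "$br" -s ! "$squid" -p tcp --dport 80 \
        -j DNAT --to "$squid:$port"
    # 2. Rewrite the source so squid answers the firewall, not the client.
    $IPT -t nat -A POSTROUTING -o "$br" -s "$lan" -d "$squid" \
        -j SNAT --to "$fw"
    # 3. Permit the redirected flow across the bridge.
    $IPT -A FORWARD -s "$lan" -d "$squid" -i "$br" -o "$br" \
        -p tcp --dport "$port" -j ACCEPT
}

# Constructed sample values: bridge br0, squid at 192.0.2.10:3128,
# local network 192.0.2.0/24, firewall address 192.0.2.1.
transparent_proxy_rules br0 192.0.2.10 3128 192.0.2.0/24 192.0.2.1
```

Run it as-is to review the generated rules; the FORWARD rule uses the same bridge interface for -i and -o because both the client and the squid box sit behind it. The script does not remove the requirement for an address on the firewall, which is the open question in the post.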