On Sun, 25 Nov 2001, Henrik Nordstrom wrote:

> Doing DNAT in the bridge will work for the majority of browsers out there.
>
> If the return traffic "normally" does not go thru the bridge, then you can
> use SNAT to force it to go that way. However, this comes at the price of no
> longer having source IP addresses available in the proxy logs.. (all will
> appear as if coming from the SNAT address). Alternatively you can solve this

Well, I stuck with that solution for the time being. I added a 3rd NIC to
the bridge and assigned it an IP (unsure if and how that affected the whole
setup). Now I am using the following rules in the bridge:

iptables -t nat -A PREROUTING -i eth2 -p tcp ! -s proxybox ! \
         -d localnet --dport 80 -j DNAT --to proxybox:proxyport

iptables -t nat -A POSTROUTING -o eth2 -s localnet \
         -d proxybox -j SNAT --to arbitrary_ip_belonging_to_my_local_net

eth2 is the half of the bridge that is connected to the internal network,
where my clients and the proxy server reside. The 3rd NIC that has the
firewall's IP is connected outside the internal network. I use the
firewall's IP for the SNAT, but using arbitrary IPs (even from other boxes
in the local net) also did the trick. I can live without the client's IP in
the logfile.

Thnx for the clue all :)

-D

_______________________________________________
Bridge mailing list
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
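
Added example, not part of the original thread: a small Python model of how the two rules above rewrite one port-80 connection. It shows why the proxy logs the SNAT address instead of the client, and why the reply fails to match when the SNAT rule is left out. All addresses and ports are constructed samples, and it assumes replies sent to the SNAT address pass back through the bridge.

```python
import ipaddress

# Constructed sample values; the post only gives placeholders for these.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")   # localnet
PROXY = ("192.168.1.10", 3128)                      # proxybox:proxyport
SNAT_IP = "192.168.1.254"                           # address used for --to

def prerouting(pkt, in_if):
    """-i eth2 -p tcp ! -s proxybox ! -d localnet --dport 80 -j DNAT"""
    src, sport, dst, dport = pkt
    if (in_if == "eth2" and src != PROXY[0] and dport == 80
            and ipaddress.ip_address(dst) not in LOCALNET):
        return (src, sport) + PROXY
    return pkt

def postrouting(pkt, out_if):
    """-o eth2 -s localnet -d proxybox -j SNAT"""
    src, sport, dst, dport = pkt
    if (out_if == "eth2" and dst == PROXY[0]
            and ipaddress.ip_address(src) in LOCALNET):
        return (SNAT_IP, sport, dst, dport)
    return pkt

def connect(client, server, snat=True):
    """Trace one port-80 connection and its first reply.

    Returns (peer address the proxy logs, reply source the client sees,
    whether that reply matches the connection the client opened).
    """
    orig = (client, 40000, server, 80)
    fwd = prerouting(orig, "eth2")
    if snat:
        fwd = postrouting(fwd, "eth2")
    # The proxy answers whoever it thinks it is talking to.
    reply = (fwd[2], fwd[3], fwd[0], fwd[1])
    if fwd[0] == SNAT_IP:
        # Assumption: replies to the SNAT address pass back through the
        # bridge, where connection tracking undoes both translations.
        reply = (server, 80, client, 40000)
    # Otherwise the proxy replies straight to the client on the shared
    # segment, still carrying proxybox:proxyport as its source.
    matches = reply[:2] == (server, 80) and reply[2:] == orig[:2]
    return fwd[0], reply[0], matches

if __name__ == "__main__":
    for snat in (True, False):
        print("SNAT" if snat else "no SNAT",
              connect("192.168.1.50", "203.0.113.5", snat))
```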
