In theory it works, but for a setup like this I would probably recommend using proxy-ARP. There are some minor issues with what happens when the bridge does see a packet for a not yet known MAC address.

Regards
Henrik Nordström

On Wed, 25 Sep 2002, cgfreita wrote:

> Hi,
>
> Slackware 8.1
> Kernel 2.4.19
> Squid Last 2.4.7 STABLE
> Iptables 1.2.7a
> Last version of bridge+nf and bridge-utils
>
> I would like to know if the bridge code is "appropriate" to build a
> bridge with netfilter and a Squid web cache. I am using here, for
> testing purposes and it works but, I would like to know about other
> opinions.
> Squid is "listening" at br0 interface. There are eth0 and eth1 slaved
> to br0. Requests to Squid are coming from eth0.
> The ADSL device is SNATing internal LAN.
> Netfilter rules DROP access to port 80 coming from any IP other than
> br0.
> It is working this way:
>
>   INTERNET
>       !
>       !200.x
>   +-------+
>   ! ADSL  !
>   +-------+
>       !10.x.x.x
>       !
>       ! eth1
>  +-----------+
>  ! BRIDGE    !
>  ! NETFILTER !
>  ! SQUID     !
>  +-----------+
>       !eth0
>       !
>       !
>      LAN
>
> Thank you for your attention.
>
> []s
>
> Freitas
> _______________________________________________
> Bridge mailing list
> [EMAIL PROTECTED]
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge
