Hello.

> Probably a good way to do this (assuming you have the bridge-nf patches)
> would be something like this:
>
> $LOCALNET = 192.168.10.0/24
> $PROXYMACHINE = 192.168.10.1
> $IPTABLES -A INPUT -i eth0 -s $LOCALNET -p tcp --destination-port 8080 -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -i eth0 -s ! $PROXYMACHINE -d ! $LOCALNET -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> Note that the -s and -d lines (with the '!') are important, as you don't
> want redirection of web traffic from the proxy (you'll get a loop).

Don't you think that the destination MAC address of the packets will not be the MAC address of $PROXYMACHINE? So Linux won't work with these packets (and there will not be any NAT). You need "Frame Diverter", which will replace the destination MAC address.

Alex.

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
