On Wednesday 24 September 2003 14:33, Robert Eliassen wrote:
> So the lack of "Bridge firewalling" in your kernel would be a plausible
> explanation. Whatever that means... ;-)
>
> I've read somewhere that the "standard" bridge-code in Linux is
> insufficient for a transparent proxy.

Yep, spot on.

It's actually very simple. The Linux kernel bridge support is purely that - linking two or more network interfaces together to form a bridge. No more, no less. It contains no facility to run iptables commands across the bridge because the code does not interface at all to Netfilter, the Linux firewalling code, and filling this void is precisely what the bridge-nf patch does :)

So, since you need to issue an 'iptables -t nat -A PREROUTING...' command to do transparent proxying, you need to be able to apply Netfilter to the bridge, and hence you need the bridge-nf patch.

Cheers,
Gavin.

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
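
A check for the distinction drawn in the message above, added here as an example and not part of the original thread. It assumes a later mainline kernel in which the bridge-nf functionality is exposed as the `CONFIG_BRIDGE_NETFILTER` build option and the `bridge-nf-call-iptables` sysctl; the function name and its two arguments are hypothetical, chosen so the check also runs against constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): report whether frames crossing a
# Linux bridge will be passed to iptables, i.e. whether a rule in the nat
# PREROUTING chain can ever see bridged traffic.
#
# bridge_nf_status CONFIG_FILE SYSCTL_DIR   (hypothetical helper)
#   CONFIG_FILE  kernel build config text, e.g. /boot/config-$(uname -r)
#   SYSCTL_DIR   directory holding bridge-nf-call-iptables,
#                on a live host /proc/sys/net/bridge
# Prints one of: no-bridge, bridge-only, nf-disabled, nf-enabled
bridge_nf_status() {
    config=$1
    sysctl_dir=$2

    # Plain bridging support: links interfaces together, nothing more.
    if ! grep -Eq '^CONFIG_BRIDGE=[ym]$' "$config"; then
        echo no-bridge
        return 0
    fi

    # "Bridge firewalling": the Netfilter hooks on the bridge path.
    if ! grep -Eq '^CONFIG_BRIDGE_NETFILTER=[ym]$' "$config"; then
        echo bridge-only
        return 0
    fi

    # Built in, but the hooks only call iptables when the knob is 1.
    # A missing knob (module not loaded) is reported as disabled.
    knob="$sysctl_dir/bridge-nf-call-iptables"
    if [ -r "$knob" ] && [ "$(cat "$knob")" = "1" ]; then
        echo nf-enabled
    else
        echo nf-disabled
    fi
}

# Constructed sample: a kernel with bridging but without bridge
# firewalling, the situation discussed in the message.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'CONFIG_BRIDGE=y\n# CONFIG_BRIDGE_NETFILTER is not set\n' \
        > "$tmp/config"
    bridge_nf_status "$tmp/config" "$tmp"
    rm -rf "$tmp"
}

demo   # prints: bridge-only
```

Only `nf-enabled` means iptables rules are consulted for bridged frames; in the other three states a transparent-proxy redirect rule on the bridge would load without error and never match.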
