iptables should work fine for this, I'm doing exactly what you are trying to accomplish in multiple places.
try these rules... where eth0 should be replaced with the interface that your port 80 traffic comes in on..

#redirect web traffic to proxy
iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

#accept the redirected traffic
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#allow all other traffic to move across the bridge
iptables -A FORWARD -j ACCEPT

Regards,
Will

On Wed, Oct 7, 2009 at 11:16 AM, Robin Wood <[email protected]> wrote:
> 2009/10/7 Robin Wood <[email protected]>:
>> I'm trying to setup a transparent proxy so I've got a linux device
>> with two NICs which are bridged using brctl. Traffic flows happily
>> across the bridge so I know it is working fine.
>>
>> Now when I try to setup the iptables rules they are being ignored. The
>> rule I want to use is:
>>
>> iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>
> Various people, including people on the netfilter mailing list, have
> suggested that I need to use ebtables rather than iptables. Are there
> any ebtables experts out there who could help me rewrite this rule to
> ebtables?
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
