I don't see why you would need ebtables for this, I do this with iptables and bridge-utils without a problem. I'm curious what your routing table looks like, as for my setup the routing is integral to this, and it didn't work until I added what seemed like a gratuitous route to me. I just looked at my config, and other than the bridge name I'm using an identical iptables command. If you want I'd be happy to provide the script that controls my iptables firewall that has virtual DMZ, WAN, and LAN interfaces.
Do you mind posting the output of /sbin/route? It will probably help us figure this out.

On Wed, Oct 7, 2009 at 12:57 PM, Robin Wood <[email protected]> wrote:
> 2009/10/7 Will Metcalf <[email protected]>:
>> iptables should work fine for this, I'm doing exactly what you are
>> trying to accomplish in multiple places.
>>
>> try these rules... where eth0 should be replaced with the interface
>> that your port 80 traffic comes in on..
>>
>> #redirect web traffic to proxy
>> iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -p tcp
>> --dport 80 -j REDIRECT --to-port 3128
>>
>> #accept the redirected traffic
>> iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
>> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>
>> #allow all other traffic to move across the bridge
>> iptables -A FORWARD -j ACCEPT
>>
>
> OK, I'm building the physdev kernel module and will give it a try.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
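The rule set quoted above, as an added shell script that is not from the thread or from either poster: it emits or applies the four rules for a given ingress port, enables the bridge-netfilter sysctl the physdev match depends on (a prerequisite the thread does not mention), and skips rules that are already present. The interface name, proxy port and DRY_RUN switch are assumed placeholders.

```shell
#!/bin/sh
# Added example: transparent proxy redirect on a Linux bridge (not from the list).
# IN_IF and PROXY_PORT are assumptions; DRY_RUN=1 (default) only prints the
# commands that would run, DRY_RUN=0 executes them (needs root).
set -u

IN_IF="${IN_IF:-eth0}"            # bridge port the clients' web traffic enters on
PROXY_PORT="${PROXY_PORT:-3128}"  # where the local Squid listens
DRY_RUN="${DRY_RUN:-1}"

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# physdev only matches bridged frames if the bridge hands them to iptables;
# with this sysctl off the PREROUTING rule silently never fires (newer
# kernels also need the br_netfilter module loaded).
enable_bridge_nf() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# One iptables command per line for the given ingress interface and proxy port.
emit_rules() {
    in_if="$1"; port="$2"
    echo "iptables -t nat -A PREROUTING -m physdev --physdev-in $in_if -p tcp --dport 80 -j REDIRECT --to-port $port"
    echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -j ACCEPT"
}

# Idempotent apply: turn each -A into a -C check first so rerunning the
# script does not stack duplicate rules.
apply_rules() {
    emit_rules "$IN_IF" "$PROXY_PORT" | while IFS= read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
        if [ "$DRY_RUN" = 1 ] || ! $check 2>/dev/null; then
            run $rule
        fi
    done
}

enable_bridge_nf
apply_rules
```

Run with DRY_RUN=1 first and compare the printed rules against what the thread quotes before applying them.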
