You can create a bridge interface with "brctl" and manage traffic on it with iptables...
2012/12/24 Robin Wood <[email protected]>:
> On 24 December 2012 18:09, Robin Wood <[email protected]> wrote:
>> On 23 December 2012 23:50, Robin Wood <[email protected]> wrote:
>>> Hi
>>> I need an iptables rule that will catch all traffic going over a
>>> network bridge and send anything destined to port 80 to 8080. As the
>>> proxy that will be listening on port 8080 will modify some traffic to
>>> make it request from the IP of the local machine, I'll need the rule to
>>> ignore requests to port 80 on the IP of the localhost.
>>>
>>> This is what I tried, as this works with IP forwarding for things like
>>> ARP spoofing, but this doesn't work in this instance, I think because
>>> there is no routing going on; the traffic is just being passed
>>> straight through.
>>>
>>> iptables -t nat -A PREROUTING -p tcp --destination-port 80 ! -d <local-IP> -j REDIRECT --to-port 8080
>>>
>>> With this rule in place, if I drop the -d I can get pages being
>>> requested from the web server on the local machine to be bounced
>>> through the proxy.
>>>
>>> How do I do it?
>>>
>>> Got a few good tools going to be based on this if I can get it to work.
>>
>> A few people have suggested things but none have worked so far. To
>> work out which chain will affect things I've just tried the following:
>>
>> iptables -A INPUT -p tcp --dport 80 -j DROP
>> iptables -A OUTPUT -p tcp --dport 80 -j DROP
>> iptables -A FORWARD -p tcp --dport 80 -j DROP
>>
>> which I think should drop all traffic heading towards port 80, but even
>> with those rules in place I'm still able to surf through the bridge.
>>
>> From a previous project I have a feeling that having iptables affect
>> bridge traffic is hard. If the device was routing traffic then the
>> above rules should work, but as it is just bridging then it isn't
>> working.
>>
>> Robin
>
> I've remembered what I should be doing, I need ebtables not iptables.
>
> ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
>
> That should get me in the middle.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
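The reason the INPUT/OUTPUT/FORWARD DROP rules in the quoted message never matched is that a Linux bridge forwards frames at layer 2, and the iptables hooks only see bridged IPv4 traffic when the br_netfilter hook is loaded and `net.bridge.bridge-nf-call-iptables` is set to 1; with it off, only ebtables (the bridge-level tables the linked page describes) sees those frames. The diagnostic below is an added example written for this thread, not code from either poster: the function and variable names are my own, the sysctl path is the real one, and the optional path argument exists only so the check can be run against a copied value.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Reports whether iptables chains
# will match traffic transiting a Linux bridge, and prints the sysctl
# remedy if not. It reads state only and changes nothing.

BRNF_DEFAULT=/proc/sys/net/bridge/bridge-nf-call-iptables

# bridge_nf_state [path]
#   exit 0: hook enabled (value 1), iptables sees bridged frames
#   exit 1: hook present but disabled (value 0)
#   exit 2: file absent, i.e. br_netfilter is not loaded
bridge_nf_state() {
    f="${1:-$BRNF_DEFAULT}"
    [ -r "$f" ] || return 2
    case "$(cat "$f")" in
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# bridge_filter_chain <state>
#   Maps the exit status above to the table/chain that will actually
#   match traffic crossing the bridge right now.
bridge_filter_chain() {
    case "$1" in
        0) echo FORWARD ;;
        *) echo ebtables ;;
    esac
}

# bridge_nf_report [path]
#   Human-readable summary plus the commands that would enable the hook.
#   Always returns 0; use bridge_nf_state for a pass/fail check.
bridge_nf_report() {
    rc=0
    bridge_nf_state "$1" || rc=$?
    case "$rc" in
        0) echo "br_netfilter active: iptables FORWARD and nat PREROUTING rules apply to bridged traffic" ;;
        1) echo "br_netfilter loaded but disabled; to enable:"
           echo "  sysctl -w net.bridge.bridge-nf-call-iptables=1" ;;
        2) echo "br_netfilter not loaded (or kernel lacks bridge netfilter); to enable:"
           echo "  modprobe br_netfilter"
           echo "  sysctl -w net.bridge.bridge-nf-call-iptables=1" ;;
    esac
    echo "Chain that matches bridged traffic now: $(bridge_filter_chain "$rc")"
    return 0
}

# Stand-alone use: report on the running kernel.
bridge_nf_report
```

Run it on the bridging host: if it reports the hook as active, the FORWARD DROP test from the thread (and the nat PREROUTING REDIRECT) will be evaluated for bridged packets; if it reports ebtables, nothing in iptables will see them until the hook is enabled, which is the symptom Robin describes.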
