You don't need an iptables bridge for transparent proxies. If you'd like to have one for another reason, assign an IP to your external interface, otherwise squid can't talk to the outside. Then just use these rules:

# vars
MY_NET="192.168.1.0/24"
MY_DNS="1.2.3.4"
# note: the DNAT target has to be routable for packets arriving on $INT_IF;
# 127.0.0.1 is rejected as a martian destination there unless
# net.ipv4.conf.<if>.route_localnet=1 (kernel 3.6+), so if the rule below
# never matches in practice, use the box's own $INT_IF address here or
# "-j REDIRECT --to-port 3128"
SQUID_IP="127.0.0.1"
INT_IF="eth1"
EXT_IF="eth0"

# policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# dnat to squid
# ("-s !" / "-d !" is the old negation syntax; current iptables expect "! -s" / "! -d")
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -s ! $SQUID_IP -d ! $MY_NET -j DNAT --to-destination $SQUID_IP:3128

# access to squid from intranet
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INT_IF -p tcp --dport 3128 -m state --state NEW -j ACCEPT

# access for squid to internet
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXT_IF -p udp --dport 53 -d $MY_DNS -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $EXT_IF -p tcp --dport 53 -d $MY_DNS -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $EXT_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT

Don't forget to set up squid for transparent services, otherwise you only get an error message.

Best regards,
Sandro Littke.

On Sat, 2003-03-15 at 15:18, hare ram wrote:
> Hi all
>
> I have set up the transparent bridge
> and would like to have a transparent cache,
>
> but I was not able to divert traffic using iptables.
> Could someone guide me why?
>
>
> My setup:
>
> PC----eth1(Bridge)eth0---Router--internet
>
>
>
> thanks
> hare
>
> --
---------
CIT Jena - IT Consulting
tel +49 3641 363700
fax +49 3641 363701
mobil +49 172 5214549
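The following is an added example, not part of Sandro's post: the same ruleset as a script that prints the commands by default (dry run) and installs them only when told to, plus a check that squid.conf actually enables interception, which is the second half of the setup the post only mentions. Assumptions beyond the post: SQUID_IP is the proxy box's own address on the internal interface rather than 127.0.0.1, two loopback ACCEPT rules are added because the DROP policies would otherwise cut squid off from its own resolver, the negation syntax is the `! -s` form current iptables accept, and the squid directive names are those of Squid 2.5 (`httpd_accel_*`), 2.6/3.0 (`http_port ... transparent`) and 3.1+ (`http_port ... intercept`). All addresses and interface names are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run/apply script for the
# transparent-squid ruleset, plus a squid.conf interception check.
# Addresses and interface names below are constructed sample values.

MY_NET="192.168.1.0/24"
MY_DNS="1.2.3.4"
# Assumption: the proxy's own address on $INT_IF, so the DNAT target is
# routable for packets that arrive on $INT_IF (127.0.0.1 would not be).
SQUID_IP="192.168.1.1"
INT_IF="eth1"
EXT_IF="eth0"

# Print the iptables commands; with "apply" as $1 they are executed instead
# (that needs root and a real iptables binary).
emit_rules() {
    if [ "$1" = "apply" ]; then run=""; else run="echo"; fi

    # default deny on every chain
    $run iptables -P INPUT DROP
    $run iptables -P OUTPUT DROP
    $run iptables -P FORWARD DROP

    # loopback (added: squid and its resolver talk to themselves over lo)
    $run iptables -A INPUT -i lo -j ACCEPT
    $run iptables -A OUTPUT -o lo -j ACCEPT

    # intercept LAN web traffic unless it comes from the proxy itself or is
    # aimed at a LAN host; "! -s" / "! -d" is the current negation syntax
    $run iptables -t nat -A PREROUTING -i "$INT_IF" -p tcp --dport 80 \
        ! -s "$SQUID_IP" ! -d "$MY_NET" \
        -j DNAT --to-destination "$SQUID_IP:3128"

    # clients reaching squid on the intercept port
    $run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $run iptables -A INPUT -i "$INT_IF" -p tcp --dport 3128 -m state --state NEW -j ACCEPT

    # squid reaching its DNS server and origin web servers
    $run iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $run iptables -A OUTPUT -o "$EXT_IF" -p udp --dport 53 -d "$MY_DNS" -m state --state NEW -j ACCEPT
    $run iptables -A OUTPUT -o "$EXT_IF" -p tcp --dport 53 -d "$MY_DNS" -m state --state NEW -j ACCEPT
    $run iptables -A OUTPUT -o "$EXT_IF" -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

# Return 0 if the given squid.conf enables interception, for any Squid generation:
#   Squid 2.5:       httpd_accel_host virtual  +  httpd_accel_with_proxy on
#   Squid 2.6 / 3.0: http_port <port> transparent
#   Squid 3.1+:      http_port <port> intercept
# Without one of these, intercepted requests only produce an error page.
squid_is_transparent() {
    conf="$1"
    grep -Eq '^[[:space:]]*http_port[[:space:]].*[[:space:]](transparent|intercept)([[:space:]]|$)' "$conf" && return 0
    grep -Eq '^[[:space:]]*httpd_accel_host[[:space:]]+virtual' "$conf" &&
        grep -Eq '^[[:space:]]*httpd_accel_with_proxy[[:space:]]+on' "$conf" && return 0
    return 1
}

# Usage: sh transparent-squid.sh        -> print the rules (dry run)
#        sh transparent-squid.sh apply  -> install them
#        squid_is_transparent /etc/squid/squid.conf && echo "interception enabled"
case "${1:-}" in
    apply) emit_rules apply ;;
    "")    emit_rules ;;
esac
```

Run it once without arguments and read the printed rules before using `apply`; the squid check is worth running against the live config after every Squid upgrade, since the directive that enables interception has changed name across major versions and a stale `httpd_accel_*` line is silently ignored by newer releases.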
