Thanks for your help all you guys who did help me, and everyone else for your patience.
To create a transparent proxy that does web cache, capturing packets from a bridge device, with squid (and the bridge) in the same machine. My solution was:

- Upgrade to kernel 2.6.5
- Get ebtables http://ebtables.sourceforge.net/
- Use the following lines

// Create the bridge. br0 has to exist before interfaces can be added to it,
// and the second bridge port is assumed to be eth1 (the original lines
// repeated eth0).
# brctl addbr br0
# ifconfig eth0 0.0.0.0 promisc up
# ifconfig eth1 0.0.0.0 promisc up
# brctl addif br0 eth0
# brctl addif br0 eth1
# ifconfig br0 200.1.2.3 netmask 255.255.255.0 up
# route add default gw 200.1.2.254 dev br0

// This line tells ebtables to route (accept) the packets
// going to port 80, instead of bridging them:
# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT

// Tell iptables to redirect the packets going to port 80 to its own port 3128
# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Works like a charm!!! :D And if the squid/bridge machine crashes or dies I can easily unplug the cable and plug it to the router.

NOTE: I learned that if, after setting up the bridge, your machine locks up or begins with a nasty behaviour, it is a network driver problem: it's because one (or both) interfaces can't go into promiscuous mode. Get a better card! As I did.

I've put up a page to instruct how to do it (in Spanish): http://fismat.umich.mx/~ariel/?ariel=bridged-squid

Quoting Denis Vlasenko <[EMAIL PROTECTED]>:

> On Wednesday 14 April 2004 20:38, Ariel Molina Rueda wrote:
> > Quoting Denis Vlasenko <[EMAIL PROTECTED]>:
> > > On Tuesday 13 April 2004 23:23, Ariel Molina Rueda wrote:
> > > > Hello,
> > > >
> > > > I have a network and I'm trying to do transparent web-cache with Squid,
> > > > but my network is too complex and I prefer not to edit settings so I
> > > > think a bridge is adequate. My network is
> > > >
> > > >   ((internet))
> > > >
> > > >     +------+
> > > >     |router|
> > > >     +------+
> > > >
> > > >        *  <--- Squid here
> > > >
> > > >    +--------+
> > > >    | switch |
> > > >    +--------+
> > > >     |  |  |  \
> > > >     |  |  |   \
> > > >
> > > >   (clients)  (wireless clients)
> > >
> > > I'd put squid _on_ the router box, add transparent redirect
> > > and compile squid with Linux transparent redirect support.
> > >
> > > No need to mess with bridging.
> > >
> > > Works for me.
> >
> > Would be great, but it is a Cisco router, I can't install squid on it. Also
> > I cannot route www traffic directly to the squid box, I need it to be a
> > ghost machine, so if it fails I can unplug the cable and plug it to the
> > router.
>
> But you can get rid of cisco altogether ;)
>
> What cisco does for you that Linux won't,
> except for more pricey hardware?
> --
> vda
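A way to confirm that the iptables step from the message above is actually loaded as written, as an added example that is not part of the original thread: it audits an iptables-save dump for the port-80 REDIRECT rule and checks that the rule is bound to the bridge interface. The function name check_redirect and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (read on stdin) for the
# intercept rule used in the post.
# Exit status: 0 = rule present and bound to the given interface
#              1 = no matching REDIRECT rule in nat/PREROUTING
#              2 = a matching rule exists that is not bound to the interface
check_redirect() {
    iface=$1 dport=$2 proxy_port=$3
    awk -v iface="$iface" -v dport="$dport" -v pport="$proxy_port" '
        /^\*/     { table = substr($0, 2); next }   # table header: *nat, *filter
        /^COMMIT/ { table = ""; next }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; dp = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                # a negated match ("! -i br0") does not count as bound
                if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
                if ($i == "--dport")    dp     = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (target == "REDIRECT" && dp == dport && to == pport) {
                if (in_if == iface) bound = 1; else loose = 1
            }
        }
        END { if (loose) exit 2; if (bound) exit 0; exit 1 }
    '
}

# Constructed sample dump, standing in for real iptables-save output.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# On the bridge machine itself: iptables-save | check_redirect br0 80 3128
sample_dump | check_redirect br0 80 3128 && echo "intercept rule OK"
```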
