I have ATS working in fully transparent mode on a bridged Linux box once again.
Could you check the FILTER chain to make sure that's not preventing connections? Just to double check, you could do HTTP requests across the bridge before trying to get ATS to work?

Here are some command outputs from my working system. You should check them against yours.

[r...@tidus ~]# iptables-save
# Generated by iptables-save v1.4.7 on Mon Jan 3 21:48:59 2011
*mangle
:PREROUTING ACCEPT [62665:33268149]
:INPUT ACCEPT [47460:28434552]
:FORWARD ACCEPT [22286:5671065]
:OUTPUT ACCEPT [38554:11735201]
:POSTROUTING ACCEPT [60855:17406859]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
COMMIT
# Completed on Mon Jan 3 21:48:59 2011
# Generated by iptables-save v1.4.7 on Mon Jan 3 21:48:59 2011
*filter
:INPUT ACCEPT [47484:28436623]
:FORWARD ACCEPT [22333:5679872]
:OUTPUT ACCEPT [38568:11736735]
COMMIT
# Completed on Mon Jan 3 21:48:59 2011

[r...@tidus ~]# ebtables-save
# Generated by ebtables-save v1.0 on Mon Jan 3 21:49:15 CST 2011
*broute
:BROUTING ACCEPT
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

[r...@tidus ~]# ip rule show
0: from all lookup local
32763: from all fwmark 0x1/0x1 lookup 1
32766: from all lookup main
32767: from all lookup default

[r...@tidus ~]# ip route show table 1
local default dev lo scope host
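
One way to do the comparison suggested above, as an added example that is not part of the original post: a checker that confirms the four pieces (TPROXY rule, return-traffic MARK rule, broute redirects, and the fwmark routing rule with its table) agree on port and mark. The function name, the constants and the trimmed sample input are assumptions made for this example; the sample lines are copied from the output in the post.

```python
import re

# Constructed sample input: trimmed copies of the command output in the post.
IPTABLES = """*mangle
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
COMMIT
"""
EBTABLES = """*broute
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
"""
IP_RULE = """0: from all lookup local
32763: from all fwmark 0x1/0x1 lookup 1
32766: from all lookup main
"""
ROUTE_TABLES = {"1": "local default dev lo scope host\n"}  # table id -> its routes


def check_tproxy_bridge(iptables, ebtables, ip_rule, route_tables):
    """Return a list of problems; an empty list means the pieces agree.

    Hypothetical helper. Matching assumes the option order shown in the post.
    """
    tproxy = re.search(
        r"^-A PREROUTING .*--dport (\d+) .*-j TPROXY .*--tproxy-mark (\S+)",
        iptables, re.M)
    if not tproxy:
        return ["no TPROXY rule in mangle PREROUTING"]
    port, mark = tproxy.groups()
    problems = []
    # Return traffic from origin servers must carry the same mark.
    if not re.search(rf"^-A PREROUTING .*--sport {port} .*-j MARK "
                     rf"--set-x?mark {re.escape(mark)}\s*$", iptables, re.M):
        problems.append(f"no MARK rule setting {mark} on --sport {port}")
    # The bridge must hand both directions to the IP stack (broute DROP).
    for side in ("dport", "sport"):
        if not re.search(rf"^-A BROUTING .*--ip-{side} {port} "
                         r".*--redirect-target DROP", ebtables, re.M):
            problems.append(f"no broute redirect for --ip-{side} {port}")
    # Marked packets must be routed via a table that delivers them locally.
    rule = re.search(rf"fwmark {re.escape(mark)} lookup (\S+)", ip_rule)
    if not rule:
        problems.append(f"no ip rule for fwmark {mark}")
    elif not re.search(r"^local default dev lo\b",
                       route_tables.get(rule.group(1), ""), re.M):
        problems.append(f"table {rule.group(1)} lacks 'local default dev lo'")
    return problems
```

On a live system, feed it the text of `iptables-save`, `ebtables-save`, `ip rule show` and `ip route show table N` for each table the rules reference.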
