[LARTC] filter policy drop and allow transparent proxy
Jasbir Khehra
jasbir.k at gmail.com
Thu Dec 28 19:37:22 CET 2006
William Bohannan wrote:
> Trying to use the policy drop rule with the bridged firewall, when I
> removed the first line the transparent proxy works great? It seems a
> bit strange as from reading several articles on it I thought the
> following occurs.
> 1st line - if it doesn't match it gets dropped on the local filter input.
> 2nd line - redirects the traffic off the link layer into the network
> layer ready for line 3.
> 3rd line - redirects the port 80 to 8080 and then goes to the local
> process (squid) through the input filter
> 4th line - input filter accepts the traffic overriding the global
> reject policy.
>
> iptables -P INPUT DROP
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
>
> Any help would be most welcome.
>
> Kind Regards
> William
>
> _______________________________________________
> LARTC mailing list
> LARTC at mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
The 4th line should look for packets on dport 8080 instead of 80.
-Jasbir
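
Added example (not part of the thread, and not either poster's code): a small Python check of the point in the reply above, that once nat PREROUTING has redirected port 80 to 8080 the INPUT chain sees port 8080, so an ACCEPT on port 80 never matches under a DROP policy. It compares ports only (interface and physdev matches are not evaluated), and the function names are hypothetical.

```python
import shlex

# Options whose integer value this check cares about.
INT_OPTS = {"--dport": "dport", "--to-port": "to_port", "--to-ports": "to_port"}

def parse(cmd):
    """Parse one iptables command line into the few fields this check needs."""
    tok = shlex.split(cmd)
    rule = {"table": "filter", "chain": None, "policy": None, "target": None}
    i = 1
    while i < len(tok):
        t = tok[i]
        if t == "-t":
            rule["table"] = tok[i + 1]
        elif t == "-A":
            rule["chain"] = tok[i + 1]
        elif t == "-P":
            rule["chain"], rule["policy"] = tok[i + 1], tok[i + 2]
        elif t == "-j":
            rule["target"] = tok[i + 1]
        elif t in INT_OPTS:
            rule[INT_OPTS[t]] = int(tok[i + 1])
        i += 1  # option values fall through the branches above harmlessly
    return rule

def unreachable_redirects(commands):
    """Return (original dport, redirected port) pairs that INPUT will drop."""
    rules = [parse(c) for c in commands if c.startswith("iptables")]
    drop = any(r["chain"] == "INPUT" and r["policy"] == "DROP" for r in rules)
    # Ports accepted by the filter INPUT chain (port match only, a simplification).
    accepted = {r.get("dport") for r in rules
                if r["table"] == "filter" and r["chain"] == "INPUT"
                and r["target"] == "ACCEPT"}
    # nat PREROUTING rewrites the destination port before INPUT is consulted.
    redirects = [(r.get("dport"), r.get("to_port", r.get("dport"))) for r in rules
                 if r["table"] == "nat" and r["chain"] == "PREROUTING"
                 and r["target"] == "REDIRECT"]
    return [(src, dst) for src, dst in redirects if drop and dst not in accepted]

# The rules as posted in the thread, and the same rules with the suggested change.
POSTED = [
    "iptables -P INPUT DROP",
    "ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT",
    "iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080",
    "iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT",
]
FIXED = POSTED[:3] + [POSTED[3].replace("--dport 80", "--dport 8080")]

if __name__ == "__main__":
    print("posted:", unreachable_redirects(POSTED))
    print("fixed: ", unreachable_redirects(FIXED))
```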