[LARTC] filter policy drop and allow transparent proxy
Jasbir Khehra
jasbir.k at gmail.com
Fri Dec 29 09:40:29 CET 2006
William Bohannan wrote:
> Thanks for the quick response Jasbir. Tried doing as you said with no
> luck, changed dport to port 8080 on the 4th line (see below). Same as
> before if you remove line 1 the transparent proxy works.
>
>
> iptables -P INPUT DROP
> ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
>
> Kind Regards
>
> William
Need to do some debugging.
Set the default INPUT policy to ACCEPT and add various rules to the INPUT
chain (without any target action) to verify which rules are matching.
For example:
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
iptables -A INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
iptables -A INPUT -p tcp --dport 8080 -i br0
Then check out the output of:
iptables -nvL INPUT
HTH
Jasbir
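The counting technique described in the reply above, as an added example that is not part of the original thread: a small POSIX shell script that emits the three target-less counting rules (with `-A` to add them, `-D` to remove them again) and parses an `iptables -nvxL INPUT` listing to report which rules have seen packets. The listing embedded below is constructed to look like real iptables output; it is not from the poster's box. `-x` is assumed (it prints exact counters instead of `2520K`-style abbreviations, which the numeric comparison needs).

```shell
#!/bin/sh
# Debug helper for the "which INPUT rule is matching?" procedure.
# Added example, not code from the LARTC thread.

# Emit the counting rules from the reply. $1 is "A" (append) or "D" (delete).
# Pipe the output into `sudo sh` to apply it. While counting, the INPUT policy
# is set to ACCEPT so nothing is dropped; on delete the DROP policy from the
# original ruleset is restored.
diag_rules() {
    op=${1:-A}
    if [ "$op" = A ]; then
        echo 'iptables -P INPUT ACCEPT'
    else
        echo 'iptables -P INPUT DROP'
    fi
    cat <<EOF
iptables -$op INPUT -p tcp --dport 8080 -m physdev --physdev-in eth1 --physdev-out eth0
iptables -$op INPUT -p tcp --dport 8080 -m physdev --physdev-in eth0 --physdev-out eth1
iptables -$op INPUT -p tcp --dport 8080 -i br0
EOF
}

# Read an `iptables -nvxL CHAIN` listing on stdin and print one line per rule:
# "<rule-number> <pkts> <bytes> <rest of the rule as listed>".
# The first two lines of the listing (chain header, column header) are skipped.
rule_counters() {
    awk 'NR > 2 && NF >= 2 {
        n++
        printf "%d %s %s", n, $1, $2
        for (i = 3; i <= NF; i++) printf " %s", $i
        printf "\n"
    }'
}

# Print the numbers of the rules whose packet counter is non-zero.
matched_rules() {
    rule_counters | awk '$2 > 0 { print $1 }'
}

# Print the packet count of the chain policy (packets no rule terminated on).
policy_packets() {
    awk 'NR == 1 { sub(/.*policy [A-Z]+ /, ""); print $1 }'
}

# Constructed sample listing (not real output): only the plain "-i br0" rule
# has counted packets, the two physdev rules have not.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 57 packets, 4120 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth1 --physdev-out eth0
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 PHYSDEV match --physdev-in eth0 --physdev-out eth1
   42  2520            tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080'

# Demo on the constructed listing. On a real box, run instead:
#   diag_rules A | sudo sh; ...generate traffic...; sudo iptables -nvxL INPUT | matched_rules; diag_rules D | sudo sh
printf '%s\n' "$SAMPLE_LISTING" | rule_counters
echo "rules with hits: $(printf '%s\n' "$SAMPLE_LISTING" | matched_rules | tr '\n' ' ')"
echo "packets that fell through to the policy: $(printf '%s\n' "$SAMPLE_LISTING" | policy_packets)"
```

Reading the counters: if only the `-i br0` rule counts, the traffic is reaching INPUT and the `physdev` qualifiers are what fail to match. One thing worth knowing when interpreting that result: the iptables physdev match documentation states that `--physdev-out` is only usable in the FORWARD, OUTPUT and POSTROUTING chains, because a packet being delivered locally (INPUT) has no outgoing bridge port yet. A `--physdev-in eth1` rule without the `--physdev-out` part is the variant to count next.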