Hello Paul,

I am also newly registered. I do think that I have the above subject covered, but I might be mistaken. I have 2 bridge instances (br0 and br1) - external link and internal link respectively. Here are the rules I used in my Debian Sarge machine:

  IPT="/sbin/iptables"
  EBT="/sbin/ebtables"
  EXTIF="br1"

  # Firewall start, the basics....
  # __________________________________________________________
  # Let's lock down this machine and then open up the required services
  $EBT -A FORWARD -p IPv4 -j ACCEPT
  $EBT -A FORWARD -p ARP -j ACCEPT
  $EBT -A INPUT -p IPv4 -j ACCEPT
  $EBT -A INPUT -p ARP -j ACCEPT
  $EBT -A OUTPUT -p IPv4 -j ACCEPT
  $EBT -A OUTPUT -p ARP -j ACCEPT

  -------<cut>-----

  # Rewrite the destination MAC of port-80 frames to the bridge's own MAC, so
  # they are delivered locally and iptables (nat/filter) gets to see them
  $EBT -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
  # Nobody reaches the proxy port directly; only HTTP from the internal range
  # ($INTNWRANGE, presumably set in the cut part of the script) is redirected to squid
  $IPT -t nat -A PREROUTING -p tcp --dport 3128 -j DROP
  $IPT -t nat -A PREROUTING -p tcp --dport www -m iprange --src-range $INTNWRANGE -j REDIRECT --to-port 3128
  # ${EXTIF%[0-9]}+ strips the trailing digit, so "br+" matches both bridges
  $IPT -A INPUT -p tcp -i ${EXTIF%[0-9]}+ --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPT -A OUTPUT -p tcp -o ${EXTIF%[0-9]}+ --sport 3128 -m state --state ESTABLISHED -j ACCEPT

Two additional things that I would like to point out...

I did add IP addresses to both of my brX's, but in your case try adding an IP address to your br0. It seems that when you run services on the machine with bridging on the device you are going through, you need to give an IP address to that device, otherwise it just plainly doesn't work - well, I didn't get it right anyway.

I am doing the same for SMTP and FTP and it seems to work fine.

I was hoping, after my other post, to ask an additional question about having only an IP address on my WAN side and servicing my LAN through the internal bridge with proxy-arp on... so that I can set the gateway of my LAN to the WAN address or a machine another hop beyond it.

--
Kind Regards
Etienne
Hi all,

This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work!

I have a bridge set up on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch:

  [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router]

I have squid set up on the linux box and it works, I have tested it. This is how I set up the bridge:

  ifconfig eth1 0.0.0.0 promisc up
  ifconfig eth2 0.0.0.0 promisc up
  brctl addbr br0
  brctl addif br0 eth1
  brctl addif br0 eth2
  ifconfig br0 192.168.0.88 netmask 255.255.255.0 up
  route add default gw 192.168.0.1 dev br0

The output of uname -a:

  Linux sarge 2.6.8-2-386 #1 Tue Aug 16 12:46:35 UTC 2005 i686 GNU/Linux

I have one other nic in the sarge box, eth0, which has the ip 192.168.0.2. My gateway (the no-name brand router) has the IP address 192.168.0.1.

I have tried every howto I can find to set up squid as a transparent proxy but have not had any luck (including http://freshmeat.net/articles/view/1433/ and http://www.tldp.org/HOWTO/TransparentProxy.html). Every time I try these I have to reboot because I cannot get the bridge to act as normal, all web traffic does not go through.

Can anyone tell me the ip/ebtables commands I need to get this working? Also, if there is a way to avoid rebooting if it does not work, can you please tell me that as well.

Thank you *very* much.

Cheers
Paul
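Pulling the two posts together, here is an added example script (my own, not Etienne's rule set and nothing from Paul's box) that applies the same ebtables broute + iptables REDIRECT idea on Paul's br0 layout, keeps the proxy port reachable from the LAN only so squid is not an open proxy, and adds the revert timer Paul asked about so a bad rule set clears itself without a reboot. Assumed names: BR, LAN, SQUID_PORT, OK_FILE, the run helper, and DRY=1 for a print-only mode.

```shell
#!/bin/sh
# Added example (not from either post): transparent squid on a bridge,
# applied with a revert timer so a broken rule set clears itself without
# a reboot. Assumed: BR, LAN, SQUID_PORT, OK_FILE, run(); DRY=1 prints only.
BR="${BR:-br0}"                      # bridge the LAN clients sit behind
LAN="${LAN:-192.168.0.0/24}"         # only these sources get proxied
SQUID_PORT="${SQUID_PORT:-3128}"
OK_FILE="${OK_FILE:-/tmp/bridge-proxy.ok}"

# Run a command, or just print it when DRY is set.
run() { if [ -n "${DRY:-}" ]; then echo "$*"; else "$@"; fi; }

apply_rules() {
    # Rewrite the dst MAC of LAN HTTP frames to the bridge's own MAC, so
    # they are delivered locally on $BR and netfilter (nat/filter) sees them.
    run ebtables -t broute -A BROUTING -p IPv4 --ip-source "$LAN" \
        --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    # Redirect only LAN port-80 to squid; everything else keeps being bridged.
    run iptables -t nat -A PREROUTING -i "$BR" -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    # LAN clients may reach the proxy port; nobody else can (no open proxy).
    run iptables -A INPUT -i "$BR" -s "$LAN" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$SQUID_PORT" -j DROP
}

revert_rules() {
    # Delete exactly the rules apply_rules added, in reverse order.
    run iptables -D INPUT -p tcp --dport "$SQUID_PORT" -j DROP
    run iptables -D INPUT -i "$BR" -s "$LAN" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    run iptables -t nat -D PREROUTING -i "$BR" -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    run ebtables -t broute -D BROUTING -p IPv4 --ip-source "$LAN" \
        --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
}

# Apply, then revert automatically unless OK_FILE appears within $1 seconds.
apply_with_timer() {
    secs="${1:-120}"
    rm -f "$OK_FILE"
    apply_rules
    ( sleep "$secs"; [ -e "$OK_FILE" ] || revert_rules ) &
    echo "rules live; run 'touch $OK_FILE' within ${secs}s to keep them"
}

case "${1:-}" in
    apply)  apply_with_timer "${2:-120}" ;;
    revert) revert_rules ;;
esac
```

Run it as `sh bridge-proxy.sh apply 120` from a console that is not itself routed through the bridge, then `touch /tmp/bridge-proxy.ok` once a client browser works; if the bridge stops passing traffic, the rules are gone again after two minutes.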