similar to: filter policy drop and allow transparent proxy

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

Hi, [sorry for the crosspost, I don''t know whether this is a routing or ebtables problem] I want to redirect all HTTP traffic passing through my bridge to a squid proxy on another machine. However, setting up brouting as suggested in the ebtables examples doesn''t work and the packets get dropped on the floor completely. /\/\/\/\/\/\/\/\ +----------------------+

Hi all, This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work! I have a bridge setup on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch: [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router] I have squid setup on the linux box and it works, I have

Still learning Xen, and would like to know if it''s possible to run Squid in D0 when running in bridging mode. I have iptables and ebtables going, and am able to log packets with those, but can''t seem to get any traffic out of the bridge into Squid in D0 (or through iptables in D0, for that matter). Information I''ve gathered so far is that I need

Not normally a question for this group, but you guys are very bridge/router/firewall savvy, so I thought I''d toss it here. I have a bridge. On one side of the bridge is that fancy thing called the Internet. On the other side is my LAN. The bridge is the obvious demarcation line and a good place to put a firewall. Now, I have all my iptables stuff planned out, EXCEPT for nat. The

Hi, Sorry to bother you all. I have a typical problem sharing DSL upstream bandwidth with users. I have 3 types of traffic high-priority, medium-priority and low priority. My upstream rate is 960kbits. Traffic (any priority) can vary in bandwidth from 0 to 960kbits. I have a test setup where I can pump 600kbit of high priority sustained and I have 400kbit of low priority traffic sustained. I

Hello! I have the following setup: 1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1 2) an allocated IP class with 64 addresses (5.6.7.192/26) 3) two LANs connected through two NICs: a) 192.168.0.0/24 on eth1 (192.168.0.1) b) 10.0.0.0/24 on eth2 (10.0.0.1) The IPs from the allocated class are all assigned to eth0. The networks are SNATed to the external IP and

Good morning, I''m writing to ask for collaboration in finding an improvement to a particular process. Today: To get traffic for our IDS sensors and a billing system, we collect everything at our core switches (2) by connecting a SPAN port from each switch to a server (so, 2 interfaces collecting traffic). That server changes the destination MAC address on all traffic to that of

Hello list, I've posted here about this before, but I realise that it may have been assumed that the bridged vlans simply put a switch port in a blocking state and left my question ignored. So to recap. I have two tg3 interfaces named 'in' and 'out' and a bridge named 'br0' My vlan trunk is on the 'in' side of the network, and set as in.2, in.3 ... The

I want to use snort inline for ips and imq for bandwidth shaping When i have inserted imq module ip_queue module insertion giving error Is it possible to use both at the same time -- Failure seldom stops you. What stops you is the fear of failure. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi, First, some software versions, just to get them out of the way: - CentOS 5.x through Centos 6.2 - Ruby 1.8.5 - 1.8.7 - Puppet 2.7.19 - Facter 1.6.11 Just a note - we''re working from the EPEL repos almost exclusively. I am working with the firewall module, and so far I am unable to use firewallchain. Some digging suggests that it''s not completely user error (though I

Hi, I''ve asked this elsewhere and received hints but no one seems to have a concrete explanation :- What I am looking to do is to be able to configure a Linux based router to be able to share THE SAME SINGLE Public IP address between the linux router and a single computer on the lan acting as the DMZ host (NOT normal NAT IP sharing !). So basically you have a linux router with two

Hi Rahul, If you're certain that your problem isn't as Stephen suggested, you might want to have a look at this: --- (From http://ebtables.sourceforge.net/brnf-faq.html <http://ebtables.sourceforge.net/brnf-faq.html> ) How do I let vlan-tagged traffic go through a vlan bridge port and the other traffic through a non-vlan bridge port? Suppose eth0 and eth0.15 are ports of br0.

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hi wondering if anyone can help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

Hello. I''m trying to use vlan in domU, but have something strange: I created bridge on eth0. This interface was configured as trunk with vlan 300, 301. I use this bridge in my domU, and I can see tagged packets when run tcpdump in domU. Also I created interface on domU to work with vlan 300. On this interface I see untagged packets in vlan300. And everything looks fine. But when

Here are some notes I have about Linux bridging. I''ll try to separate what I know I know from what I think I know. Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP Address of, say, 1.2.3.2. This is how to do it: echo "Setting up br0 to bridge eth0 with eth1 and eth2" /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0

I have posted this question to the netfilter mailing list along with #ebtables, #iptables, and #netfilter. Nobody has really responded, so I''m led to believe that it is either incredibly complicated or *really* simple. Please, somebody throw me a bone here! Ok, on with the show... I have a bridge (br0) with two interfaces (eth1 and eth2). Neither br0, eth1, or eth2 have an

Hi installed Debian with bridging enabled then I install squid. Squid work if I manually enter proxy setting in firefox. Then I ran the following to make it transparent: echo 1 > /proc/sys/net/ipv4/ip_forward ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80