On Fri, 2007-07-06 at 11:07 +0800, Ming-Ching Tiew wrote:
> I think I fixed the issue by changing the ebtables rule to :-
>
> ebtables -t broute -A BROUTING --logical-in br0 -p IPv4 --ip-protocol 6 \
> --ip-destination-port 80 -j redirect --redirect-target DROP

Should be

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
    -i eth0 --ip-source your.lan.network/mask \
    --ip-destination-port 80 -j redirect --redirect-target ACCEPT

with eth0 being the interface connected to your LAN, and
your.lan.network/mask the IP network used on your LAN.

Do NOT redirect networks for which you do not have routing configured;
doing so will not work.

If you are to use TPROXY then I'd recommend using the bridge-netfilter
integration instead of ebtables. This is because TPROXY needs to intercept
the return traffic as well, not just lan->internet traffic. It's
possible to add ebtables rules for this by doing rules inverse to the
above.

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
    --ip-destination your.lan.network/mask \
    --ip-source-port 80 -j redirect --redirect-target ACCEPT

Regards
Henrik
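
Added example, not part of the original message: a dry-run helper that prints the forward and return BROUTING rules from the reply above, and refuses to do so unless the LAN network has a route on the LAN interface. The function names, the interface names and the constructed routing-table sample are assumptions for illustration.

```sh
#!/bin/sh
# Constructed sample of `ip -4 route show` output (documentation/private
# addresses); on a real bridge, pass the actual command output instead.
SAMPLE_ROUTES='default via 203.0.113.1 dev eth1
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.1
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.7'

# has_route ROUTES NET DEV: succeed only if NET is listed as routed via DEV.
has_route() {
    printf '%s\n' "$1" | awk -v net="$2" -v dev="$3" '
        $1 == net { for (i = 2; i < NF; i++)
                        if ($i == "dev" && $(i + 1) == dev) found = 1 }
        END { exit !found }'
}

# broute_rules ROUTES LAN_IF LAN_NET [PORT]: print the rule pair, apply nothing.
# Returns 2 on malformed input, 1 when the network is not routed via LAN_IF.
broute_rules() {
    routes=$1 lan_if=$2 lan_net=$3 port=${4:-80}
    # Rough syntactic check only: digits, dots and exactly one slash.
    case $lan_net in
        *[!0-9./]*|*/*/*|"") echo "bad network: $lan_net" >&2; return 2 ;;
        */*) ;;
        *) echo "bad network: $lan_net" >&2; return 2 ;;
    esac
    case $port in
        *[!0-9]*|"") echo "bad port: $port" >&2; return 2 ;;
    esac
    # The reply's caveat: never redirect a network without routing configured.
    if ! has_route "$routes" "$lan_net" "$lan_if"; then
        echo "no route for $lan_net via $lan_if, refusing to redirect" >&2
        return 1
    fi
    base="ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6"
    tgt="-j redirect --redirect-target ACCEPT"
    # LAN -> internet: hand port-80 requests from LAN clients to the IP stack.
    echo "$base -i $lan_if --ip-source $lan_net --ip-destination-port $port $tgt"
    # Return traffic (needed for TPROXY): the inverse match on the source port.
    echo "$base --ip-destination $lan_net --ip-source-port $port $tgt"
}

broute_rules "$SAMPLE_ROUTES" eth0 192.168.10.0/24
```

Review the printed rules before running them as root; nothing is applied by the helper itself.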