[Pauldotcom] transparent proxy and iptables failing
bcg at struxural.com
Thu Oct 8 11:37:56 UTC 2009
I think you need to add a route for your bridge. Assuming your bridge
device is still br-lan, with the 192.168.0.0/24 network, you need to
add this route to the kernel routing table for that device, and this
command should do it:
route add -net 192.168.0.0/24 dev br-lan
When I was debugging my setup, I was using tcpdump on the various
interfaces while pinging different networks to see if the traffic was
Let me know if that fixes things.
On Wed, Oct 7, 2009 at 6:04 PM, Robin Wood <dninja at gmail.com> wrote:
> 2009/10/7 Ben Greenfield <bcg at struxural.com>:
>> I don't see why you would need ebtables for this, I do this with
>> iptables and bridge-utils without a problem. I'm curious what your
>> routing table looks like, as for my setup the routing is integral to
>> this, and it didn't work until I added what seemed like a gratuitous
>> route to me. I just looked at my config, and other than the bridge
>> name I'm using an identical iptables command. If you want I'd be
>> happy to provide the script that controls my iptables firewall that
>> has a virtual DMZ, WAN, and LAN interfaces.
>> Do you mind posting the output of /sbin/route? It will probably help
>> us figure this out.
> I've run out of time to do this today so will have to come back to it
> tomorrow but the routing on a machine on both sides of the bridge is
> just a normal default route and the device doesn't have a route setup
> $ /sbin/route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
> default         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
> I agree that this should all work so it is probably just something
> daft. I've built the physdev module and got it installed but not
> tested it yet, hopefully that will solve things.
> Are there any basic tests anyone can suggest that I can work through
> to try to debug this?