John Lauro wrote:
> Hello,
>
> Can someone post a working configuration (full iptables and ebtables) of
> squid in transparent bridge mode along with the kernel version that is known
> to work. Someone working on the kernel seems to be changing things (to add
> security?) and it broke transparency with 2.6.32.*.
>
> I was able to get it configured with squid being a router in kernel
> 2.6.31.12. However, kernel 2.6.32.5 is broken with identical configuration.
>
> Just plain bridging works without squid, but once I try to intercept a
> connection over two shared bridge ports, I can't get the connection to
> establish from client to squid box. I don't know if my problem is with my
> setup, or my kernel is too new for the examples I found.
>
> Thank you.
>
The one that _should_ be working is this:

# Hand port-80 frames crossing the bridge up to the IP (routing) layer
ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

# Set every entry under /proc/sys/net/bridge to 0
cd /proc/sys/net/bridge/
for i in *
do
    echo 0 > "$i"
done
unset i

NP: DROP because its processing level is being 'dropped' out of ebtables
into the iptables routing levels.

That config came from the netfilter kernel experts themselves. If it is
not working it's a kernel bug, please mention it to the netfilter people
in charge of that piece of the kernel.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
  Current Beta Squid 3.1.0.15

Received on Mon Jan 25 2010 - 04:30:47 MST
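
Added example, not part of the original thread: a check that the loop in the reply above actually left every entry under /proc/sys/net/bridge at 0, useful after a reboot or kernel upgrade. The function name check_bridge_nf and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Audits the bridge-netfilter toggles that the loop in the post sets to 0.
# The directory defaults to the real procfs path; another directory can be
# passed so the check can be exercised on constructed files.
#
# Prints "name=value" for every entry whose value is not 0.
# Return codes:
#   0  every entry is 0
#   1  at least one entry is non-zero or unreadable
#   2  the directory does not exist (bridge support not loaded)
check_bridge_nf() {
    dir=${1:-/proc/sys/net/bridge}
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi
    bad=0
    for f in "$dir"/*; do
        # Skip anything that is not a regular file (including an unmatched glob)
        [ -f "$f" ] || continue
        if ! val=$(cat "$f" 2>/dev/null); then
            echo "unreadable: $f" >&2
            bad=1
            continue
        fi
        if [ "$val" != "0" ]; then
            echo "${f##*/}=$val"
            bad=1
        fi
    done
    return "$bad"
}
```

Run check_bridge_nf with no argument on the bridge host; any line it prints names a toggle that is still enabled.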