PaulDotCom mailing list archives

transparent proxy and iptables failing


From: william.metcalf at gmail.com (Will Metcalf)
Date: Wed, 7 Oct 2009 11:35:54 -0500

iptables should work fine for this, I'm doing exactly what you are
trying to accomplish in multiple places.

try these rules... where eth0 should be replaced with the interface
that your port 80 traffic comes in on..

#redirect web traffic to proxy
#(physdev matches the physical bridge port the frame arrived on; bridged
# frames only reach this hook while net.bridge.bridge-nf-call-iptables=1)
iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -p tcp \
    --dport 80 -j REDIRECT --to-port 3128

#accept the redirected traffic
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#allow all other traffic to move across the bridge
iptables -A FORWARD -j ACCEPT

Regards,

Will

On Wed, Oct 7, 2009 at 11:16 AM, Robin Wood <dninja at gmail.com> wrote:
2009/10/7 Robin Wood <dninja at gmail.com>:
I'm trying to setup a transparent proxy so I've got a linux device
with two NICs which are bridged using brctl. Traffic flows happily
across the bridge so I know it is working fine.

Now when I try to setup the iptables rules they are being ignored. The
rule I want to use is:

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT \
    --to-port 3128


Various people, including people on the netfilter mailing list, have
suggested that I need to use ebtables rather than iptables. Are there
any ebtables experts out there who could help me rewrite this rule to
ebtables?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
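The whole procedure the thread describes, as an added example that is not code from either post: bring up the two-NIC bridge, turn on bridge netfilter, install Will's rules, and check that the redirect landed. Names taken from the thread are br-lan, eth0 and port 3128; eth1 as the second bridge port, 192.0.2.1/24 as the bridge address and the DRY_RUN switch are assumptions of this example. Two things a practitioner will want to verify on the box are baked in as comments: the bridge device needs an IP address because REDIRECT rewrites the destination to the primary address of the interface the packet arrived on, and bridged frames are only handed to iptables while net.bridge.bridge-nf-call-iptables is 1. The proxy itself still has to listen in intercept mode (Squid's http_port needs transparent on 2.x or intercept on 3.1 and later).

```shell
#!/bin/sh
# Added example for the setup discussed in this thread; not code from the
# original posts. Builds a two-NIC bridge, enables bridge netfilter and installs
# the redirect rules. Assumed names (not from the page): eth1 as the uplink port,
# 192.0.2.1/24 as the bridge address, DRY_RUN as the plan/apply switch.

BRIDGE="${BRIDGE:-br-lan}"        # bridge device from the original question
CLIENT_IF="${CLIENT_IF:-eth0}"    # port the clients' port-80 traffic arrives on
UPLINK_IF="${UPLINK_IF:-eth1}"    # assumed second bridge port
BRIDGE_ADDR="${BRIDGE_ADDR:-192.0.2.1/24}"  # assumed; REDIRECT needs an address here
PROXY_PORT="${PROXY_PORT:-3128}"
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = run them as root

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# REDIRECT rewrites the destination to the primary address of the interface the
# packet arrived on. For bridged traffic that is the bridge device, so it must
# carry an IP address or there is nothing to redirect to.
setup_bridge() {
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$CLIENT_IF"
    run brctl addif "$BRIDGE" "$UPLINK_IF"
    run ip link set "$CLIENT_IF" up
    run ip link set "$UPLINK_IF" up
    run ip addr add "$BRIDGE_ADDR" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
}

# Bridged frames only traverse the iptables hooks while bridge netfilter is on.
# With this sysctl at 0 the nat PREROUTING rule is never consulted, which looks
# exactly like "the rules are being ignored".
enable_bridge_nf() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# The rules from the reply above. physdev matches the physical bridge port, so
# only traffic entering from the client side is intercepted.
install_rules() {
    run iptables -t nat -A PREROUTING -m physdev --physdev-in "$CLIENT_IF" \
        -p tcp --dport 80 -j REDIRECT --to-port "$PROXY_PORT"
    run iptables -A INPUT -p tcp --dport "$PROXY_PORT" -j ACCEPT
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -j ACCEPT
}

# Read an "iptables -t nat -S PREROUTING" listing on stdin and succeed only if
# the redirect rule for CLIENT_IF and PROXY_PORT is present (iptables prints the
# REDIRECT target back as --to-ports).
redirect_present() {
    grep -- "--physdev-in $CLIENT_IF " | grep -q -- "--to-ports $PROXY_PORT"
}

setup_bridge
enable_bridge_nf
install_rules
if [ "$DRY_RUN" != "1" ]; then
    iptables -t nat -S PREROUTING | redirect_present && echo "redirect rule installed"
fi
```

Run it as-is to print the plan; run it with DRY_RUN=0 as root to apply it. If the rule shows up in iptables -t nat -S PREROUTING but port-80 traffic still crosses the bridge untouched, check the sysctl value and the bridge address before touching the rules again.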


