PaulDotCom mailing list archives

transparent proxy and iptables failing


From: dninja at gmail.com (Robin Wood)
Date: Sat, 17 Oct 2009 11:01:55 +0100

2009/10/7 Robin Wood <dninja at gmail.com>:
I'm trying to set up a transparent proxy, so I've got a Linux device
with two NICs which are bridged using brctl. Traffic flows happily
across the bridge, so I know it is working fine.

Now when I try to set up the iptables rules they are being ignored. The
rule I want to use is:

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-port 3128

but nothing gets redirected. I've also tried changing 3128 to a port
that is closed to see what would happen: nothing, the packets kept
flowing.

I've also tried clearing the list and then adding

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j DROP

which should kill all web traffic but it doesn't. As a last resort I tried

iptables -t nat -A PREROUTING -i br-lan -p tcp -j DROP

which should kill all TCP traffic but again, nothing.

What am I doing wrong?

An update to this... I just tried replacing the Fon that I was
originally running on with a laptop with two completely independent
NICs, and the first command I posted here works fine. Looks like the
issue is the Fon and the two NICs probably being one real one somehow
virtualised into two, or iptables on the Fon is just broken. I'd go
for the first, as the NICs by default come up as eth0.0 and eth0.1.

I'm going to dig into this further and try putting a USB NIC on the
Fon and see what happens.

Robin
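A diagnostic script for the situation above, added here as an example and not part of the thread: it reads the nat PREROUTING counters (a constructed sample listing is embedded, not a real capture) and the bridge-nf-call-iptables sysctl, since frames forwarded by a Linux bridge only traverse the iptables nat table when that setting is on. The sysctl path and the sample values are assumptions.

```shell
#!/bin/sh
# Why does a nat PREROUTING REDIRECT rule on a bridge never fire?
# Two independent checks: rule counters and the bridge-netfilter sysctl.

# Constructed sample of `iptables -t nat -L PREROUTING -v -n -x` output
# (an assumed listing for demonstration, not captured from a real box).
SAMPLE_COUNTERS='Chain PREROUTING (policy ACCEPT 1532 packets, 98210 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 REDIRECT   tcp  --  br-lan *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128'

# Print the packet counter of the first REDIRECT rule in a listing read from stdin.
# Prints nothing when no REDIRECT rule is present.
redirect_pkts() {
    awk '$3 == "REDIRECT" { print $1; exit }'
}

# Report whether bridged frames are handed to iptables. Reads the
# bridge-nf-call-iptables sysctl file given as $1 (default: the live kernel path,
# an assumption about where the kernel exposes it). Prints "on", "off" or
# "absent" (bridge netfilter not loaded or not compiled in, common on small devices).
bridge_nf_state() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    if [ ! -r "$f" ]; then echo absent; return; fi
    case "$(cat "$f")" in 1) echo on ;; *) echo off ;; esac
}

# Combine both checks: counter listing on stdin, sysctl file in $1 (optional).
diagnose() {
    pk=$(redirect_pkts)
    st=$(bridge_nf_state "$1")
    if [ "$pk" -gt 0 ] 2>/dev/null; then
        echo "rule matching ($pk packets)"
    elif [ "$st" != on ]; then
        echo "rule idle; bridge-nf-call-iptables is $st, bridged frames bypass the nat table"
    else
        echo "rule idle; bridged frames reach iptables, check interface name and direction"
    fi
}

# Stand-alone run against the constructed sample and the live sysctl path.
printf '%s\n' "$SAMPLE_COUNTERS" | diagnose
```

On a live box replace the sample with `iptables -t nat -L PREROUTING -v -n -x | diagnose`; a counter that stays at zero while the sysctl reads "absent" or "off" points at the bridge, not at the rule.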

