41 lines
1.8 KiB
HTML
41 lines
1.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Transparent Proxy with Linux and Squid mini-HOWTO: Transparent Proxy With Bridging</TITLE>
|
|
<LINK HREF="TransparentProxy-8.html" REL=next>
|
|
<LINK HREF="TransparentProxy-6.html" REL=previous>
|
|
<LINK HREF="TransparentProxy.html#toc7" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="TransparentProxy-8.html">Next</A>
|
|
<A HREF="TransparentProxy-6.html">Previous</A>
|
|
<A HREF="TransparentProxy.html#toc7">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s7">7. Transparent Proxy With Bridging</A></H2>
|
|
|
|
<P>Warning, this is really esoteric stuff. If you need it, you'll know. If
|
|
not, skip this section. Thanks to Lewis Shobbrook (lshobbrook@fasttrack.net.au) for contributing to this section.
|
|
<P>If you are trying to setup a transparent proxy on a Linux machine that has
|
|
been configured as a bridge, you will need to add one additional iptables
|
|
command to what we had in section 5.
|
|
Specifically, you need to explicitly allow connections to the machine
|
|
on port 3128 (or any other port squid is listening on), otherwise the
|
|
machine will just forward them over to the other interface like a good
|
|
little bridge. Here's the magic words:
|
|
<UL>
|
|
<LI>iptables -A INPUT -i <B>interface</B> -p tcp -d <B>your_bridge_ip</B> -s <B>local-network</B> --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT</LI>
|
|
</UL>
|
|
|
|
Replacing <B>interface</B> with the interface that corresponds to
|
|
<B>your_bridge_ip</B> (typically eth0 or eth1). First time bridge users
|
|
should also note that you'll probably want to repeat the same command with
|
|
``3128'' replaced by ``telnet'' if you want to administer your bridge
|
|
remotely.
|
|
<HR>
|
|
<A HREF="TransparentProxy-8.html">Next</A>
|
|
<A HREF="TransparentProxy-6.html">Previous</A>
|
|
<A HREF="TransparentProxy.html#toc7">Contents</A>
|
|
</BODY>
|
|
</HTML>
|