bridge firewall won't DNAT http to proxy

Hi all, hope you can help me with this little problem!

For the past couple of years we have had a Linux machine (Fedora) running as a bridged/transparent router between our Windows servers (that have a public IP) and the gateway router (provided by BT).

Everything has been great but I'm looking to add a little more functionality...

I want all http 80 traffic that is about to leave the network (entering the bridged router) to redirect into another server running squid.

The problem is the routing of data.

I have tried many options but to no avail.

I added the following rule to the nat prerouting using only one of the servers as a source for testing:

-A PREROUTING -p tcp -s 194.72.xxx.xxx --dport 80 -j DNAT --to-destination 192.168.x.x:80

But nothing happens. I tried the destination address as a 194.72 but it also didn't work.

Routes are all working and the servers/squid/bridge (has a local ip on br0) can talk to each other ok. IPv4 forwarding is enabled.

I probably haven't been detailed enough but if anyone has any solutions or requires more info then I would really really appreciate your help!

Many thanks in advance!

rico.

[root@xxxxxxx~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
          inet6 addr: fe80::202:b3ff:feb4:6020/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26881 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10798 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1813830 (1.7 MiB)  TX bytes:2222767 (2.1 MiB)

br0:0     Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
          inet addr:192.168.xxx.xxx  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

br0:1     Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
          inet addr:194.72.xxx.xxx  Bcast:194.72.111.191  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:02:B3:B4:60:20
          inet6 addr: fe80::202:b3ff:feb4:6020/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:141519 errors:0 dropped:0 overruns:0 frame:0
          TX packets:139218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1176 txqueuelen:1000
          RX bytes:21761332 (20.7 MiB)  TX bytes:111661372 (106.4 MiB)

eth1      Link encap:Ethernet  HWaddr 00:02:B3:B4:60:21
          inet6 addr: fe80::202:b3ff:feb4:6021/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157758 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143081 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:112414496 (107.2 MiB)  TX bytes:21491683 (20.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4510 (4.4 KiB)  TX bytes:4510 (4.4 KiB)

iptables:

Ricardo Meechan