On 23 December 2012 23:50, Robin Wood <[email protected]> wrote:
> Hi
> I need an IP tables rule that will catch all traffic going over a
> network bridge and send anything destined to port 80 to 8080. As the
> proxy that will be listening on port 8080 will modify some traffic to
> make it request from the IP of the local machine I'll need the rule to
> ignore requests to port 80 on the IP of the localhost.
>
> This is what I tried as this works with IP forwarding for things like
> ARP spoofing but this doesn't work in this instance, I think because
> there is no routing going on, the traffic is just being passed
> straight through.
>
> iptables -t nat -A PREROUTING -p tcp --destination-port 80 ! -d
> <local-IP> -j REDIRECT --to-port 8080
>
> With this rule in place, if I drop the -d I can get pages being
> requested from the web server on the local machine to be bounced
> through the proxy.
>
> How do I do it?
>
> Got a few good tools going to be based on this if I can get it to work

A few people have suggested things but none have worked so far. To
work out which chain will affect things I've just tried the following:

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A FORWARD -p tcp --dport 80 -j DROP

Which I think should drop all traffic heading towards port 80 but even
with those rules in place I'm still able to surf through the bridge.

From a previous project I have a feeling that having iptables affect
bridge traffic is hard. If the device was routing traffic then the
above rules should work but as it is just bridging then it isn't
working.

Robin
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
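The symptom in the message above (FORWARD/INPUT/OUTPUT DROP rules that have no effect on traffic crossing a bridge) is what you see when the bridge netfilter hook is not active: frames switched at layer 2 only pass through the iptables chains when `net.bridge.bridge-nf-call-iptables` is 1 (on kernels 3.18 and later that knob appears once the `br_netfilter` module is loaded). The script below is an added example, not code from the thread or from Robin; it reads that sysctl through `/proc` (the path is a parameter so it can be checked against a constructed file) and reports whether firewall rules on a bridge host are actually being consulted, which matters as much for a bridge meant to filter as for one meant to redirect.

```shell
#!/bin/sh
# Added example (not from the original thread): does this Linux bridge host
# pass bridged frames through iptables at all?
# Assumption: the standard sysctl file below exists when bridge netfilter is
# loaded; the functions take the file path as an argument so they can be run
# against a constructed file as well as the live system.

SYSCTL_PATH="${SYSCTL_PATH:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

# Exit status 0 when iptables sees bridged traffic (value is "1"),
# 1 when the knob is 0 or the file is absent/unreadable.
bridge_nf_enabled() {
    file="${1:-$SYSCTL_PATH}"
    [ -r "$file" ] || return 1
    value=$(cat "$file") || return 1
    [ "$value" = "1" ]
}

# Print a one-line verdict for the given sysctl file.
bridge_nf_report() {
    file="${1:-$SYSCTL_PATH}"
    if bridge_nf_enabled "$file"; then
        echo "bridge-nf-call-iptables=1: bridged frames traverse the iptables chains (FORWARD, nat/PREROUTING)"
    elif [ -r "$file" ]; then
        echo "bridge-nf-call-iptables=0: bridged frames bypass iptables; enable with: sysctl -w net.bridge.bridge-nf-call-iptables=1"
    else
        echo "$file absent: bridge netfilter not loaded (modprobe br_netfilter on kernels >= 3.18)"
    fi
}

# Stand-alone run: report on the live system.
bridge_nf_report
```

With the knob at 1, the FORWARD rule in the message starts matching bridged port-80 traffic and the nat/PREROUTING REDIRECT applies; with it at 0 both are silently skipped, so the check is worth running before trusting any iptables policy on a bridge.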