On 25/09/2013 5:37 a.m., psd17j-jacob wrote:
Hey guys,

Thanks for all the suggestions and feedback. I really appreciate your time.
I'd like to stick to (attempting to) use DG because I've already come so
far. It just seems to be this little bridge issue. I followed the link and
added the following lines:

  ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP

  ebtables -t broute -A BROUTING -i eth0 -p ipv6 --ip6-proto tcp --ip6-sport 80 -j redirect --redirect-target DROP

  ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

unfortunately that did not help. Do you have any other suggestions as to
what may help? The current rules are:

ebtables:

:BROUTING ACCEPT
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 443 -j redirect
Try removing these top ones. They overlap and likely clash with the rest.

-A BROUTING -p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv6 -i eth0 --ip6-proto tcp --ip6-sport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv4 -i eth0 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

Double-check those interface names.

iptables:

:OUTPUT ACCEPT [3:228]
-A PREROUTING -i br0.9 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i br0.9 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080

I think you can drop the interface names here. The routing rules never get to see any bridged packets, so only the ones which the ebtables rules DROP will ever get here. "br0.9" looks like an alias to me, which do not actually exist outside of ifconfig's display, so removing that will likely produce a rule that matches the real interface on packets.

-A PREROUTING -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
Amos
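
Amos's point about the first two BROUTING rules overlapping the later ones can be checked mechanically. The script below is an added example (not code from this thread or from Squid) that parses ebtables-save style lines for a chain and reports any earlier rule that catches every frame a later rule would match, so the later rule can never fire. It assumes ebtables' first-match semantics, that a bare `-j redirect` means `--redirect-target ACCEPT` (the documented default), and that the rules contain no `!` negations.

```python
import shlex

# Constructed sample: the BROUTING chain posted in the thread, in ebtables-save form.
SAMPLE_RULES = """\
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect
-A BROUTING -p IPv4 --ip-proto tcp --ip-dport 443 -j redirect
-A BROUTING -p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv6 -i eth0 --ip6-proto tcp --ip6-sport 80 -j redirect --redirect-target DROP
-A BROUTING -p IPv4 -i eth0 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
"""

MATCH_OPTS = {"-p", "-i", "-o", "--ip-proto", "--ip-dport", "--ip-sport",
              "--ip6-proto", "--ip6-dport", "--ip6-sport"}
TARGET_OPTS = {"-j", "--redirect-target"}

def parse_rule(line):
    """Split one ebtables-save line into (chain, match dict, effective target)."""
    toks = shlex.split(line)
    chain, matches = None, {}
    # Assumption: a plain "-j redirect" continues bridging, i.e. --redirect-target ACCEPT.
    target = {"-j": None, "--redirect-target": "ACCEPT"}
    for opt, val in zip(toks[0::2], toks[1::2]):   # every option here takes one value
        if opt == "-A":
            chain = val
        elif opt in MATCH_OPTS:
            matches[opt] = val.lower()             # IPv4 and ipv4 are the same match
        elif opt in TARGET_OPTS:
            target[opt] = val
        else:
            raise ValueError(f"unsupported option {opt}")
    return chain, matches, (target["-j"], target["--redirect-target"])

def find_shadowed(text):
    """Return (earlier, later, kind) for each later rule fully covered by an earlier one.

    An earlier rule covers a later one when every constraint of the earlier rule
    appears unchanged in the later rule (the earlier rule is at least as general),
    so ebtables first-match ordering means the later rule is never consulted.
    kind is "clash" when the two rules steer the frame differently, else "redundant".
    """
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    found = []
    for j, (chain_j, m_j, t_j) in enumerate(rules):
        for i in range(j):
            chain_i, m_i, t_i = rules[i]
            if chain_i == chain_j and all(m_j.get(k) == v for k, v in m_i.items()):
                found.append((i, j, "clash" if t_i != t_j else "redundant"))
    return found

if __name__ == "__main__":
    for i, j, kind in find_shadowed(SAMPLE_RULES):
        print(f"rule {j + 1} is shadowed by rule {i + 1} ({kind})")
```

On the sample it reports that the eth1 port-80 DROP rule is shadowed by the first rule, which already claims IPv4 tcp dport 80 on any interface and keeps the frame on the bridge.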
