<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>I'm close to removing the Linksys in my attic and replacing it with a BeagleBone Black Rev C. We'll call the new one: "The Great Wall". :)</div><div><br></div><div>I run that device as a bridge between the master wireless interface and the lan ports. This allows devices to connect to it and me to ping those devices from my office. </div><div><br></div><div>I've been able to install and run Squid 3 on my BBB AP. I've got this working in AP mode where the master is its own segment and I run MASQ between. I want to do this on br0. I think this may be a problem.</div><div><br></div><div>This is what I'm running as AP.</div><div><span style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;" data-mce-style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;"><br></span></div><div><span style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;" data-mce-style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;"><span style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;" data-mce-style="font-family: Helvetica, Arial, sans-serif; background-color: #fdfdfd;"></span></span><p style="margin: 0px;" data-mce-style="margin: 0px;"><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">root@ubuntu-armhf:/var/log/squid3# iptables-save</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">*nat</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:PREROUTING ACCEPT [19449:5252310]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:INPUT ACCEPT [2463:322554]</span><br><span 
style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:OUTPUT ACCEPT [3050:233042]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:POSTROUTING ACCEPT [437:34313]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">-A PREROUTING -d 192.168.42.1/32 -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.42.1:3128</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">-A POSTROUTING -o eth0 -j MASQUERADE</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">COMMIT</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Completed on Wed Oct 8 19:16:05 2014</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">*filter</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:INPUT ACCEPT [75880:26877763]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:FORWARD ACCEPT [46248:14353426]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:OUTPUT ACCEPT [82935:57255711]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">COMMIT</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Completed on Wed Oct 8 19:16:05 2014</span><br><span 
style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">*mangle</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:PREROUTING ACCEPT [138354:46113773]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:INPUT ACCEPT [75887:26878127]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:FORWARD ACCEPT [46248:14353426]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:OUTPUT ACCEPT [82942:57256603]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">:POSTROUTING ACCEPT [129190:71610029]</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;">COMMIT</span><br><span style="font-family: 'courier new', courier, monaco, monospace, sans-serif;"># Completed on Wed Oct 8 19:16:05 2014</span></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p style="margin: 0px;" data-mce-style="margin: 0px;">On the wlan0 192.168.42.1 address I run lighttpd with a cgi that allows me to switch modes. Not really needed for the attic because it</p><p style="margin: 0px;" data-mce-style="margin: 0px;">will always run as a bridge.</p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p style="margin: 0px;" data-mce-style="margin: 0px;">I want to stay in bridged mode, but I want all devices that connect to that AP to go into Squid transparently. The little bit today that I've run</p><p style="margin: 0px;" data-mce-style="margin: 0px;">Squid on my BBB AP I've learned a lot about my Android phone and what it is connecting to. My goal is more visibility on my home network so I guess after getting Squid on it we'll move on to ntop. 
When things lag I want to be able to see the cause.</p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><strong>I can't run these rules against wlan0 and eth0 while both are part of br0? Or can I?</strong></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><strong><br></strong></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><strong><br></strong></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><strong><br></strong></p><p style="margin: 0px;" data-mce-style="margin: 0px;">Chris</p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p></div></div></body></html>