[ale] More iptables fun

Chris Fowler cfowler at outpostsentinel.com
Wed Oct 8 15:23:59 EDT 2014


I'm close to removing the Linksys in my attic and replacing it with a BeagleBone Black Rev C. We'll call the new one: "The Great Wall". :)

I run that device as a bridge between the master wireless interface and the LAN ports. This allows devices to connect to it and me to ping those devices from my office.

I've been able to install and run Squid 3 on my BBB AP. I've got this working in AP mode where the master is its own segment and I run MASQ between. I want to do this on br0. I think this may be a problem. 

This is what I'm running as AP.

root at ubuntu-armhf:/var/log/squid3# iptables-save 
# Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014 
*nat 
:PREROUTING ACCEPT [19449:5252310] 
:INPUT ACCEPT [2463:322554] 
:OUTPUT ACCEPT [3050:233042] 
:POSTROUTING ACCEPT [437:34313] 
-A PREROUTING -d 192.168.42.1/32 -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80 
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.42.1:3128 
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT 
# Completed on Wed Oct 8 19:16:05 2014 
# Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014 
*filter 
:INPUT ACCEPT [75880:26877763] 
:FORWARD ACCEPT [46248:14353426] 
:OUTPUT ACCEPT [82935:57255711] 
COMMIT 
# Completed on Wed Oct 8 19:16:05 2014 
# Generated by iptables-save v1.4.21 on Wed Oct 8 19:16:05 2014 
*mangle 
:PREROUTING ACCEPT [138354:46113773] 
:INPUT ACCEPT [75887:26878127] 
:FORWARD ACCEPT [46248:14353426] 
:OUTPUT ACCEPT [82942:57256603] 
:POSTROUTING ACCEPT [129190:71610029] 
COMMIT 
# Completed on Wed Oct 8 19:16:05 2014 

On the wlan0 192.168.42.1 address I run lighttpd with a cgi that allows me to switch modes. Not really needed for the attic because it will always run as a bridge.

I want to stay in bridged mode, but I want all devices that connect to that AP to go into Squid transparently. The little bit today that I've run Squid on my BBB AP I've learned a lot about my Android phone and what it is connecting to. My goal is more visibility on my home network so I guess after getting Squid on it we'll move on to ntop. When things lag I want to be able to see the cause.

I can't run these rules against wlan0 and eth0 while both are part of br0? Or can I? 
Chris 
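
An added example (not part of the post above, and not the author's configuration) of what the AP-mode nat rules look like once wlan0 and eth0 are ports of a bridge: with br_netfilter enabled, bridged IPv4 frames do traverse iptables, arriving on br0, and the physdev match picks out the wireless port. Assumed (hypothetical) values: the bridge is br0 holding 192.168.42.1, Squid listens on 3128 in intercept mode, lighttpd on port 80 should stay reachable, and no MASQUERADE is needed because bridged clients keep their upstream addresses.

```shell
#!/bin/sh
# Added example, not from the original post: the AP-mode transparent-Squid
# rules rewritten for bridged mode. Assumed (hypothetical) values: the bridge
# is br0 holding 192.168.42.1, wlan0 is the AP port, Squid listens on 3128
# with "http_port 3128 intercept", and lighttpd on port 80 stays reachable.
BRIDGE="${BRIDGE:-br0}"
BRIDGE_IP="${BRIDGE_IP:-192.168.42.1}"
AP_PORT="${AP_PORT:-wlan0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the commands rather than running them, so they can be reviewed first
# and then applied (as root) with:  sh this_script.sh apply
bridge_proxy_rules() {
    cat <<EOF
# Bridged frames bypass iptables unless br_netfilter hooks them in.
modprobe br_netfilter 2>/dev/null || true
sysctl -w net.bridge.bridge-nf-call-iptables=1
# Leave requests for the box's own web UI alone (ACCEPT in nat = no NAT).
iptables -t nat -A PREROUTING -i $BRIDGE -m physdev --physdev-in $AP_PORT \\
    -d $BRIDGE_IP -p tcp --dport 80 -j ACCEPT
# Everything else arriving on the wireless port for port 80 goes to Squid.
# REDIRECT rewrites the destination to the primary address of the receiving
# interface, which on a bridge is the address of $BRIDGE ($BRIDGE_IP).
iptables -t nat -A PREROUTING -i $BRIDGE -m physdev --physdev-in $AP_PORT \\
    -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Number of iptables rules that would be installed (quick sanity check).
bridge_proxy_rule_count() {
    bridge_proxy_rules | grep -c '^iptables'
}

if [ "${1:-}" = apply ]; then
    bridge_proxy_rules | sh
else
    bridge_proxy_rules
fi
```

On a kernel without br_netfilter the same effect can be had from the ebtables broute table, which pulls port-80 frames up into the IP stack where the ordinary REDIRECT rule then sees them.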