[Chilli] Problems with filtering when using ethernet bridge
timwhite88 at gmail.com
Thu Jan 26 10:25:12 UTC 2012
I'm wondering if anyone else has had problems trying to do some iptables
filtering (in particular redirection for transparent proxy) when using
Coova Chilli with a bridge interface?
I have hostapd on wlan0, and have br0 (containing wlan0 and eth1) that I
want to run coova chilli on.
It all works fine until I try to do any iptables rules that perform
redirections or modify packets. Both the REDIRECT target, and DNAT end
up making the packets reappear on the br0 interface, instead of the tun0
interface. (And yes, the rules are working on packets from tun0, I'm
using "-i $TUNTAP" in my rules). Because the rules are to drop
everything trying to appear on br0, when I try and redirect packets to a
transparent proxy server, the packets are being dropped.
Other than running 2 instances of chilli, one for each interface, what
other ideas do people have for getting this to work?