[Chilli] Problems with filtering when using ethernet bridge

[Tim White]

I'm wondering if anyone else has had problems trying to do some iptables 
filtering (in particular redirection for transparent proxy) when using 
Coova Chilli with a bridge interface?
I have hostapd on wlan0, and have br0 (containing wlan0 and eth1) that I 
want to run coova chilli on.

It all works fine until I try to do any iptables rules that perform 
redirections or modify packets. Both the REDIRECT target, and DNAT end 
up making the packets reappear on the br0 interface, instead of the tun0 
interface. (And yes, the rules are working on packets from tun0, I'm 
using "-i $TUNTAP" in my rules). Because the rules are to drop 
everything trying to appear on br0, when I try and redirect packets to 
transparent proxy server, the packets are being dropped.

Other than running 2 instances of chilli, one for each interface, what 
other ideas to people have for getting this to work?

Thanks

Tim