Any luck on this item?
I built a tproxy on a bridge interface with tproxy-4.1.0, and it works fine. All I needed to do was add the two ebtables broute rules below:
ebtables -t broute -A BROUTING -i $ETHIN \
    -p ipv4 --ip-proto $TCP_PROTO --ip-dport $HTTP_PORT -j DROP
ebtables -t broute -A BROUTING -i $ETHOUT \
    -p ipv4 --ip-proto $TCP_PROTO --ip-sport $HTTP_PORT -j DROP
Sorry, I made a mistake here. People should use the ebtables redirect target instead of '-j DROP'; otherwise, after being brouted, packets which passed the rules still have type PACKET_OTHERHOST and will be dropped by ip_rcv immediately. I actually hacked the bridge code to set all brouted packets to type PACKET_HOST because I didn't want to break my IP-MAC binding policy.
ebtables will force the packets I specify to be routed instead of bridged; the packets will then be routed to the loopback interface. (Without the two rules, packets would be forwarded, ignoring any routing rules.)
Regards,
Daniel
2007-12-20
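The setup described in the post above, written out as an added example (this is not code from the post or from the tproxy project). It generates the two broute rules with the author's corrected target, "-j redirect --redirect-target DROP", so the destination MAC is rewritten to the bridge's own MAC before the frame is handed to the IP stack. The iptables TPROXY line and the ip rule/route lines that deliver the routed packets to a local proxy socket follow the standard tproxy setup and are not in the post; interface names, ports, the mark and the routing-table number are assumptions for illustration. With APPLY=0 (the default) the script only prints the commands, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original post. Builds (and optionally applies)
# the rules that make a transparent proxy on a Linux bridge work, using the
# ebtables redirect target instead of a bare "-j DROP" in the BROUTING chain.
# Interface names, ports, mark and table number below are assumptions.

ETHIN=${ETHIN:-eth0}          # client-facing bridge port (assumed name)
ETHOUT=${ETHOUT:-eth1}        # upstream-facing bridge port (assumed name)
HTTP_PORT=${HTTP_PORT:-80}
PROXY_PORT=${PROXY_PORT:-3128}   # port the transparent proxy listens on
TPROXY_MARK=${TPROXY_MARK:-1}
TPROXY_TABLE=${TPROXY_TABLE:-100}
APPLY=${APPLY:-0}             # 0 = only print commands, 1 = really run them

# Print a command in dry-run mode, execute it in apply mode.
run() {
    if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Take the selected frames out of the bridge path and into the IP stack.
# "-j redirect" rewrites the destination MAC to the bridge's own MAC, so the
# skb arrives as PACKET_HOST rather than PACKET_OTHERHOST; in the broute
# table the standard target DROP then means "route this frame", not discard.
broute_rules() {
    run ebtables -t broute -A BROUTING -i "$ETHIN" -p ipv4 \
        --ip-proto tcp --ip-dport "$HTTP_PORT" \
        -j redirect --redirect-target DROP
    run ebtables -t broute -A BROUTING -i "$ETHOUT" -p ipv4 \
        --ip-proto tcp --ip-sport "$HTTP_PORT" \
        -j redirect --redirect-target DROP
}

# Once routed, deliver the client->server flow to the proxy socket: TPROXY
# marks the packets, and the marked packets are sent to the loopback device
# through a dedicated routing table (standard tproxy setup, assumed here).
tproxy_rules() {
    run ip rule add fwmark "$TPROXY_MARK" lookup "$TPROXY_TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TPROXY_TABLE"
    run iptables -t mangle -A PREROUTING -p tcp --dport "$HTTP_PORT" \
        -j TPROXY --tproxy-mark "$TPROXY_MARK/$TPROXY_MARK" \
        --on-port "$PROXY_PORT"
}

# Guard against the mistake the post corrects: a BROUTING rule whose standard
# target is a bare "-j DROP" routes frames that ip_rcv will then throw away.
check_no_bare_drop() {
    ! broute_rules | grep -q -- ' -j DROP'
}

broute_rules
tproxy_rules
check_no_bare_drop
```

Run it once as is to review the generated commands, then with APPLY=1 as root on the bridge host. The check function is there because the first version of the rules, with DROP as the target, looks correct from the bridge's point of view and only fails later inside ip_rcv, which is exactly the kind of silent drop that is hard to find from packet captures alone.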