I need to set up a transparent proxy bridge.

I can get transparent proxy to work; unfortunately I cannot get the same to
happen in bridge mode.

router to internet/dhcp -----------mynetwork


My challenge

I can get the proxy to work transparently under the following conditions

eth1 gateway ( is the firewall / router
that connects to the internet)
eth0 no gateway

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

All the computers on the 192 network are able to surf the internet fine
provided the gateway is There transparent proxy works till
this point

If I turn my box into a bridge br0
with eth0 goes into promisc mode
eth1 goes into forwarding mode


All my clients (I converted them to 10.x.x.x network) can still connect to
the internet, but the http connections don't get proxied (there are no hits in
the squid access log)!!

Can someone please explain to me the following line on how it would apply to

From http://www.faqs.org/docs/Linux-mini/...rentProxy.html

If you are trying to setup a transparent proxy on a Linux machine that has
been configured as a bridge, you will need to add one additional iptables
command to what we had in section 5. Specifically, you need to explicitly
allow connections to the machine on port 3128 (or any other port squid is
listening on), otherwise the machine will just forward them over to the
other interface like a good little bridge. Here's the magic words:

iptables -A INPUT -i interface -p tcp -d your_bridge_ip -s local-network --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

Replacing interface with the interface that corresponds to your_bridge_ip
(typically eth0 or eth1). First time bridge users should also note that
you'll probably want to repeat the same command with "3128" replaced by
"telnet" if you want to administer your bridge remotely.


Please assist!
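
The two rules discussed in this post (the nat REDIRECT to Squid's port and the HOWTO's INPUT accept for that port, limited with -s to the local network) can be cross-checked against a saved ruleset. The script below is an added example, not part of the original post or the HOWTO; the function names, finding labels and sample dump are constructed for illustration, and the input is assumed to be in iptables-save format.

```shell
#!/bin/sh
# Added example. Reads iptables-save text on stdin and prints one finding per
# REDIRECT target port: OK, INPUT_MISSING or INPUT_UNRESTRICTED
# (or REDIRECT_MISSING when the nat table has no REDIRECT rule at all).
audit_proxy_rules() {
    awk '
    /^\*/ { table = substr($1, 2) }            # "*nat", "*filter": current table
    table == "nat" && /^-A PREROUTING/ && /-j REDIRECT/ {
        for (i = 1; i < NF; i++)               # iptables-save writes --to-ports
            if ($i == "--to-ports" || $i == "--to-port") redirect[$(i + 1)] = 1
    }
    table == "filter" && /^-A INPUT/ && /-j ACCEPT/ {
        port = ""; src = 0
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s") src = 1            # rule is limited to a source net
        }
        if (port != "") { accept[port] = 1; if (!src) wide[port] = 1 }
    }
    END {
        n = 0
        for (p in redirect) {
            n++
            if (!(p in accept))    print "INPUT_MISSING:" p
            else if (p in wide)    print "INPUT_UNRESTRICTED:" p
            else                   print "OK:" p
        }
        if (n == 0) print "REDIRECT_MISSING"
    }'
}

# Constructed sample dump (not taken from the post): port 80 is redirected to
# 3128, but INPUT only accepts telnet, so the redirected traffic is not accepted.
sample_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -i br0 -p tcp -m tcp --dport 23 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_proxy_rules    # prints INPUT_MISSING:3128
```

On the proxy box itself the same check is `iptables-save | audit_proxy_rules`, run as root.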