From: "Mario Leone" <mario.leone@certimeter.it>
To: netfilter@vger.kernel.org
Subject: Bridge
Date: Wed, 8 Feb 2017 17:36:40 +0100
Message-ID: <008c01d28229$87da0cd0$978e2670$@certimeter.it>

Dear users,
I have a GPON fiber home connection that consists of 2 apparatus:
- Optical network terminal (Huawei HG8010H)
- My ISP custom firmware router
The router connects to the ONT via the WAN port and the traffic is basically IPv4
encapsulated in a PPPoE session encapsulated in 2 VLAN trunks, one for HTTP(S),
one for VoIP.
I want to see the traffic that flows between the router and the ONT, so I built a
Linux box with 2 ports configured as a bridge with no IP:
ONT ------ eth1[BOX]eth0 ------- Router
The typical packet that flows has the source MAC address and destination MAC
address of the ONT and the router (depending on the direction) and the rest inside.
I could just put Wireshark listening on br0, but I can see only unencrypted
traffic, so I want to do something a little more complicated.
I would intercept traffic in both directions and redirect it to a localhost
proxy with 3 stages:
1) set up ebtables to recognize traffic on the HTTP VLAN (so all traffic) and
bring it to layer 3
2) set up iptables to NAT packets on some ports to be intercepted by my SSL
proxy and leave all other traffic untouched
3) NAT traffic back to the original destination as if it was sent by the router,
or vice versa from the server
I failed in every attempt to redirect traffic or even log it passing through the
bridge.
Any help?
Thanks