From: Josh Lehan <bridge@krellan.com>
To: bridge@osdl.org
Subject: Re: [Bridge] Re: Adding same physical port to multiple bridges
Date: Wed, 28 Jan 2004 17:38:26 -0800
Message-ID: <40186412.70109@krellan.com>
In-Reply-To: <20040128100106.6c52ee20.shemminger@osdl.org>

Stephen Hemminger wrote:

> Probably not. What are you trying to do?  Might to be bridge the
> physical LAN and do any filtering based on tag using bridge-filtering
> (ebtables).

I also have a need to add the same physical port to multiple bridges, 
but my reason is different.

I have a block of static IP addresses, but instead of having a separate 
routing subnet for the gateway, my gateway has been placed on one of my 
own static IP addresses!  So, I need to have a bridge in order to do 
proper firewalling, since both filtered and unfiltered traffic must flow 
on the same subnet.

Here is my network:

eth0 = to gateway, raw unfirewalled IP packets
(IP address is on the same subnet as the rest of my static IP addresses)
      | br0
eth1 = to the rest of my machines on my static IP addresses

eth2 = additional machines on private IP addresses (via NAT)
(on a completely different subnet, using private IP addresses)

I have successfully firewalled my other static IP addresses by bridging 
eth0 and eth1 together into br0.  This works beautifully.  None of my 
machines have connection problems, and they are being defended by a 
firewall.

However, for gaming purposes, I'd like to bridge eth1 and eth2 also 
together.  This is because non-IP protocols (such as IPX/SPX, used by 
many games) are not routed across the subnets.

What would be really neat is if I could filter by protocol:
     IP on eth1 = bridge to eth0/eth1
Non-IP on eth1 = bridge to eth1/eth2

I don't think the current bridging code supports this.

A workaround would be to find (or write) a simple utility that listens 
to all non-IP packets coming in on both eth1 and eth2, and blindly 
echoes the raw packets onto the other interface, so that the two 
interfaces effectively become bridged with regards to non-IP packets. 
This would be all done in userspace, so as not to interfere with the 
kernel bridging code.  Does such a program already exist?

Josh
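
The IP / non-IP split described in the message above, as an added example (not code from the original post or from the bridge project): the per-frame decision a userspace relay between eth1 and eth2 would need. Assumptions: ARP is kept on the IP side, and the names IP_SIDE, effective_ethertype and relay_decision are hypothetical.

```python
import struct

# EtherTypes that must stay with the firewalled bridge (br0: eth0/eth1).
# Keeping ARP on the IP side is an assumption; the post only says IP vs non-IP.
IP_SIDE = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
VLAN_TAGS = {0x8100, 0x88A8}          # 802.1Q and 802.1ad tag identifiers
SNAP_HEADER = b"\xaa\xaa\x03"         # LLC DSAP/SSAP/control announcing SNAP

def effective_ethertype(frame: bytes):
    """Return the payload EtherType, or None for 802.3/LLC without SNAP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    # Skip VLAN tags so tagged IP is not mistaken for a non-IP protocol.
    while etype in VLAN_TAGS:
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, offset)
    if etype >= 0x0600:               # Ethernet II: the field is an EtherType
        return etype
    llc = frame[offset + 2: offset + 10]   # 802.3: field was a length, LLC follows
    if len(llc) == 8 and llc[:3] == SNAP_HEADER:
        return struct.unpack_from("!H", llc, 6)[0]   # type after the 3-byte OUI
    return None                       # e.g. raw 802.3 IPX (payload starts FF FF)

def relay_decision(frame: bytes) -> str:
    """'relay' = copy between eth1 and eth2; 'kernel' = leave to br0."""
    try:
        etype = effective_ethertype(frame)
    except ValueError:
        return "drop"                 # fail closed on malformed frames
    return "kernel" if etype in IP_SIDE else "relay"

MACS = bytes(12)                      # constructed: zeroed dst + src addresses
SAMPLES = {                           # constructed frames, not real captures
    "ipv4": MACS + b"\x08\x00" + b"\x45" + bytes(19),
    "ipx_ethernet_ii": MACS + b"\x81\x37" + b"\xff\xff" + bytes(28),
    "ipx_raw_802_3": MACS + b"\x00\x1e" + b"\xff\xff" + bytes(28),
    "vlan_tagged_ipv4": MACS + b"\x81\x00\x00\x05\x08\x00" + b"\x45" + bytes(19),
    "snap_ipv4": MACS + b"\x00\x1c" + SNAP_HEADER + bytes(3) + b"\x08\x00" + bytes(20),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, relay_decision(frame))
```

A relay that looked only at bytes 12-13 would classify VLAN-tagged or SNAP-encapsulated IP as non-IP and copy it between eth1 and eth2, past the filtering the host applies between those segments.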


Thread overview: 4+ messages
2004-01-28  1:10 [Bridge] Adding same physical port to multiple bridges Abhijit Kumbhare
2004-01-28 18:01 ` [Bridge] " Stephen Hemminger
2004-01-29  1:38   ` Josh Lehan [this message]
2005-05-26 18:41     ` Stephen Hemminger