* [LARTC] Re: [Ebtables-user] brouting on interfaces without IP
@ 2005-10-17 17:25 Bart De Schuymer
2005-10-18 0:03 ` Carl-Daniel Hailfinger
2005-10-18 18:03 ` Bart De Schuymer
0 siblings, 2 replies; 3+ messages in thread
From: Bart De Schuymer @ 2005-10-17 17:25 UTC (permalink / raw)
To: lartc
On Thu, 13-10-2005 at 23:55 +0200, Carl-Daniel Hailfinger wrote:
> bridge:~ # ebtables -t nat -L --Lx
> ebtables -t nat -N ifacefilter-int
> ebtables -t nat -N proxy
> ebtables -t nat -A PREROUTING -i bridgeint -j ifacefilter-int
> ebtables -t nat -A ifacefilter-int -p IPv4 --ip-src 192.168.0.0/24 --ip-proto tcp --ip-dport 80 -j proxy
> ebtables -t nat -A proxy -j mark --set-mark 0x1 --mark-target CONTINUE
> ebtables -t nat -A proxy -j dnat --to-dst 00:11:22:33:44:55 --dnat-target ACCEPT
Make this 00:01:02:03:04:05, or just use -j redirect
cheers,
Bart
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* [LARTC] Re: [Ebtables-user] brouting on interfaces without IP
From: Carl-Daniel Hailfinger @ 2005-10-18 0:03 UTC (permalink / raw)
To: lartc
Bart De Schuymer wrote:
> On Thu, 13-10-2005 at 23:55 +0200, Carl-Daniel Hailfinger wrote:
>
>> However, once I insert the ebtables rule to actually do the
>> redirection, all packets I want to redirect get dropped. This
>> happens regardless of where I try to broute the packets. I tried
>> DROPping them in BROUTING, REDIRECTing them in PREROUTING, DNATing
>> them to the MAC of eth0 in PREROUTING, but each time the packets
>> never leave eth0.
>> [...]
>> bridge:~ # ebtables -t nat -L --Lx
>> ebtables -t nat -N ifacefilter-int
>> ebtables -t nat -N proxy
>> ebtables -t nat -A PREROUTING -i bridgeint -j ifacefilter-int
>> ebtables -t nat -A ifacefilter-int -p IPv4 --ip-src 192.168.0.0/24 --ip-proto tcp --ip-dport 80 -j proxy
>> ebtables -t nat -A proxy -j mark --set-mark 0x1 --mark-target CONTINUE
>> ebtables -t nat -A proxy -j dnat --to-dst 00:11:22:33:44:55 --dnat-target ACCEPT
>
> Make this 00:01:02:03:04:05, or just use -j redirect
Sorry if I was unclear, but -j redirect doesn't work. Same for --to-dst
00:01:02:03:04:05. That's why I tried to use the MAC of eth0 in --to-dst.
Regards,
Carl-Daniel
* [LARTC] Re: [Ebtables-user] brouting on interfaces without IP
From: Bart De Schuymer @ 2005-10-18 18:03 UTC (permalink / raw)
To: lartc
On Tue, 18-10-2005 at 02:03 +0200, Carl-Daniel Hailfinger wrote:
> Bart De Schuymer wrote:
> > On Thu, 13-10-2005 at 23:55 +0200, Carl-Daniel Hailfinger wrote:
> >
> >> However, once I insert the ebtables rule to actually do the
> >> redirection, all packets I want to redirect get dropped. This
> >> happens regardless of where I try to broute the packets. I tried
> >> DROPping them in BROUTING, REDIRECTing them in PREROUTING, DNATing
> >> them to the MAC of eth0 in PREROUTING, but each time the packets
> >> never leave eth0.
> >> [...]
> >> bridge:~ # ebtables -t nat -L --Lx
> >> ebtables -t nat -N ifacefilter-int
> >> ebtables -t nat -N proxy
> >> ebtables -t nat -A PREROUTING -i bridgeint -j ifacefilter-int
> >> ebtables -t nat -A ifacefilter-int -p IPv4 --ip-src 192.168.0.0/24 --ip-proto tcp --ip-dport 80 -j proxy
> >> ebtables -t nat -A proxy -j mark --set-mark 0x1 --mark-target CONTINUE
> >> ebtables -t nat -A proxy -j dnat --to-dst 00:11:22:33:44:55 --dnat-target ACCEPT
> >
> > Make this 00:01:02:03:04:05, or just use -j redirect
>
> Sorry if I was unclear, but -j redirect doesn't work. Same for --to-dst
> 00:01:02:03:04:05. That's why I tried to use the MAC of eth0 in --to-dst.
OK. Anyway, you need to use the MAC address of the logical bridge
device.
Please first try it with a simpler setup in which you don't need to mark
the packet, using a simple routing table.
Do any packets leave on eth0?
cheers,
Bart
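
The advice in the last reply (use the MAC address of the logical bridge device in `--to-dst`), as an added example that is not part of the original thread: the functions below read that MAC from sysfs, confirm the `-i` interface really is a port of that bridge, and print the dnat rule instead of applying it. The bridge name `br0`, the function names and the sysfs-root argument are assumptions; `bridgeint` and the `proxy` chain are taken from the quoted rules.

```shell
#!/bin/sh
# Added example, not from the thread. Builds (does not run) the dnat rule
# with the MAC of the logical bridge device. The optional last argument is
# the sysfs root, so the logic can be exercised against a constructed tree.

# Print the MAC of a bridge device; fail if the name is not a bridge.
bridge_mac() {
    br=$1; sys=${2:-/sys}
    dev="$sys/class/net/$br"
    # Bridge devices expose a "bridge" directory in sysfs; ports and
    # plain NICs such as eth0 do not.
    [ -d "$dev/bridge" ] || { echo "$br: not a bridge device" >&2; return 1; }
    mac=$(cat "$dev/address") || return 1
    # Accept only a well-formed, non-zero MAC address.
    echo "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    [ "$mac" != "00:00:00:00:00:00" ] || return 1
    echo "$mac"
}

# Succeed only if $1 is a bridge port whose master is bridge $2.
port_of_bridge() {
    port=$1; br=$2; sys=${3:-/sys}
    [ -d "$sys/class/net/$port/brport" ] || return 1
    [ "$(basename "$(readlink "$sys/class/net/$port/master")")" = "$br" ]
}

# Print the dnat rule for frames arriving on port $1 of bridge $2.
dnat_rule() {
    port=$1; br=$2; sys=${3:-/sys}
    port_of_bridge "$port" "$br" "$sys" ||
        { echo "$port: not a port of $br" >&2; return 1; }
    mac=$(bridge_mac "$br" "$sys") || return 1
    echo "ebtables -t nat -A proxy -j dnat --to-dst $mac --dnat-target ACCEPT"
}
```

On a live system, `dnat_rule bridgeint br0` prints the rule to compare against the `--to-dst` value already loaded; passing a NIC name such as `eth0` as the bridge is rejected.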