Re: [LARTC] Trouble redirecting traffic on transparent bridge. - Carl-Daniel Hailfinger

From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2005@gmx.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Trouble redirecting traffic on transparent bridge.
Date: Fri, 02 Dec 2005 20:12:06 +0000	[thread overview]
Message-ID: <4390AA96.5020602@gmx.net> (raw)
In-Reply-To: <20051202134939.4CCFD7B525@ws5-10.us4.outblaze.com>

Hi,

Kran Kor schrieb:
> I have posted this question to the netfilter mailing list along with
 > #ebtables, #iptables, and #netfilter.  Nobody has really responded,
 > so I'm led to believe that it is either incredibly complicated or
 > *really* simple.  Please, somebody throw me a bone here!  Ok, on with
 > the show...
>   
> I have a bridge (br0) with two interfaces (eth1 and eth2).  Neither
 > br0, eth1, or eth2 have an IP address assigned to them.  Eth0 is the
 > only interface with an IP.  There is a web server running locally on
 > this bridge configured so that any request sent to it returs the only
 > page.  I'm trying to get all web traffic (port 80 for now) from
 > certain clients transparently redirected to the local web server.
 > Basically I want to take traffic from a client matching virii/malware
 > traffic and redirect it to a web page that has instructions for
 > disinfection/cleaning. Also I want to isolate any infected clients
 > traffic to only one side of the bridge.  I want to keep these bridges
 > as "transparent" as possible.

Linux can't do this.

If you doubt the sentence above, prove me wrong.

I tried the same, even got some help from lartc and ebtables and it
still didn't work. Technically, there is no reason why it can't work,
but in reality it fails.

Regards,
Carl-Daniel
-- 
http://www.hailfinger.org/
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc