From: Clemens <clemens.schaefer@gmx.de>
To: netfilter@lists.netfilter.org
Subject: Re: How make virtual interfaces ( subinterfaces ) on linux machine
Date: Wed, 06 Dec 2006 08:57:51 +0100
Message-ID: <457677FF.1010605@gmx.de>
In-Reply-To: <4575D2D9.4020308@riverviewtech.net>

> 
> Then use IPTables / EBTables / ARPTables to your heart's content. If you
> enable layer 3 matching on layer 2 for ebtables, you can use IPTables to
> filter bridged traffic.

This is very interesting, because I was trying to set up a firewall
on a VMware server (VMware creates a bridge, which is not a Linux
bridge (so brctl and ebtables do not work on this), and connects
all virtual machines to this bridge in order to give access to the
network).

I did the exact thing as you described: created a dummy interface,
bridged my eth0 via a Linux bridge to the dummy interface, and then
connected the VMware bridge to my dummy interface. That way, I am
able to firewall the VMware traffic using ebtables.

But now my question: is there any advantage in using iptables to
filter bridged traffic, as you noted in my quote above? I use
ebtables to do all the filtering in the Linux bridge, and it works
pretty well.

thanks for your reply,

clemens


