From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Bridge, DNAT, New Tables and ip rules
Date: Mon, 18 Jun 2007 00:17:49 -0500	[thread overview]
Message-ID: <4676157D.1060808@riverviewtech.net> (raw)
In-Reply-To: <e53321d30706151204x295b6282we82287bf0f685bdd@mail.gmail.com>

On 6/15/2007 2:04 PM, semi linux wrote:
> Hrmm, that _might_ be it but I'm not convinced.  There are three 
> conditions which need to be satisfied: 
> - bridge traffic is bridged w/o interruption
> - all traffic from localhost uses eth0
> - traffic from one port on the localhost uses br0 instead of eth0

Having a list of criteria makes it a lot easier to understand what you 
are wanting to do, or at least how to come up with something to fulfill 
your goal(s).

Just based on your above description, here is what I would try to do.
  - Enslave eth50 & eth51 to br0
  - Bind an IP to br0
  - Bind an IP to eth0
  - Bind IPs as necessary to any other interfaces.
  - Use dev eth0 and eth0's source IP to talk to the local network.
  - Use dev br0 and br0's source IP for the exception above.

I *THINK* this can be accomplished with ip rules.

Use the NATing or Redirection on the bridged traffic to bring the 
traffic you want to affect into Jose.  Have Jose do what you want as 
far as communicating with Dan.  Have all traffic that Jose sends out go 
out via eth0 based on your ip table entries.  Use an ip rule to match 
the specific traffic you want to send out br0 to use a different routing 
table that is set to use dev br0 with br0's source IP for the specific 
traffic.

> Ugg, I hate ASCII art, but here go my Picasso skills...
>  ______             ______             _____
> |      |-->--1-->--|      |-->--2-->--|     |
> | Jack |           | Jose |           | Dan |
> |______|           |______|--<--3--<--|_____|
>                      |  |
>                      |  |
>                      5  4
>                      |  |
>                      V  V
> 
> This makes you appreciate white boards on a whole new level.

(Not bad.)

> I'm not sure what this means...  Since I want all traffic to go to 
> eth0, except for the traffic with a given source port, how are the 
> routing tables going to help me?

Do some reading on how the LARTC guide(s) suggest you deal with multiple 
internet connections.  In short, you are wanting by default all traffic 
to use eth0 with only the exception traffic to use br0.  I think you 
will see the custom routing tables and how to write ip rules to tell the 
system to use them.

> I did notice one interesting thing last night...  My Cisco RV042 
> that's used as a router in the middle is sending a lot of Gratuitous 
> ARP packets for an interface which itself owns... I'm guessing this 
> is a firmware bug of some kind and probably wouldn't affect my setup 
> anyway so I'm going to ignore it.

Are your bridged ethernet ports, eth50 and eth51, both facing the RV042? 
If they are this could be a sign that the RV042 is getting confused by 
seeing its own traffic coming back into itself.  If the RV042 is 
confused it may be GARPing to try to avoid ARP poisoning by preemptively 
using ARP poisoning to keep things running.



Grant. . . .
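The setup Grant sketches above (enslave eth50 and eth51 to br0, give br0 and eth0 their own addresses, default everything out eth0, and use an ip rule to steer one source port's traffic into a separate routing table that uses br0) can be written as a small script. This is an added example, not code from the thread: the interface names eth0, eth50, eth51 and br0 come from the messages, but the addresses (192.0.2.0/24 and 198.51.100.0/24 documentation ranges), the gateways, the exception port 8080, the mark value 0x1 and table number 100 are assumptions. It marks the exception traffic in the mangle OUTPUT chain and matches that mark with an ip rule, the classic LARTC way to do policy routing for locally generated traffic; because the kernel picks a source address on the first route lookup (through the main table, so eth0's address) and only re-routes after the mark is applied, a POSTROUTING SNAT on the same mark rewrites the source to br0's address. Run with --dry-run to see the commands, or --apply as root to execute them.

```shell
#!/bin/sh
# Added example: policy routing for one source port via br0.
# Interface names follow the thread; addresses, gateways, port, mark and
# table number below are constructed assumptions for illustration.
set -eu

BR_IF=${BR_IF:-br0}
BR_PORTS=${BR_PORTS:-"eth50 eth51"}
BR_ADDR=${BR_ADDR:-192.0.2.10/24}        # assumed address for br0
BR_GW=${BR_GW:-192.0.2.1}                # assumed next hop reachable via br0
WAN_IF=${WAN_IF:-eth0}
WAN_ADDR=${WAN_ADDR:-198.51.100.10/24}   # assumed address for eth0
WAN_GW=${WAN_GW:-198.51.100.1}           # assumed default gateway via eth0
EXC_SPORT=${EXC_SPORT:-8080}             # assumed local port that must leave via br0
MARK=${MARK:-0x1}
TABLE=${TABLE:-100}

# run: print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

setup_policy_routing() {
  # 1. Build the bridge and enslave the two ports.
  run ip link add name "$BR_IF" type bridge
  for p in $BR_PORTS; do
    run ip link set "$p" master "$BR_IF"
  done
  run ip link set "$BR_IF" up

  # 2. Bind an IP to br0 and to eth0.
  run ip addr add "$BR_ADDR" dev "$BR_IF"
  run ip addr add "$WAN_ADDR" dev "$WAN_IF"

  # 3. Main table: everything defaults out eth0.
  run ip route replace default via "$WAN_GW" dev "$WAN_IF"

  # 4. Separate table: default out br0 with br0's own source address.
  run ip route replace default via "$BR_GW" dev "$BR_IF" src "${BR_ADDR%/*}" table "$TABLE"

  # 5. Mark locally generated traffic from the exception port, and let an
  #    ip rule send marked packets to the br0 table.
  run iptables -t mangle -A OUTPUT -p tcp --sport "$EXC_SPORT" -j MARK --set-mark "$MARK"
  run ip rule add fwmark "$MARK" table "$TABLE" priority 100

  # 6. The source address was already chosen from the main table before the
  #    mark was applied, so rewrite it to br0's address on the way out.
  run iptables -t nat -A POSTROUTING -o "$BR_IF" -m mark --mark "$MARK" -j SNAT --to-source "${BR_ADDR%/*}"
}

case "${1:-}" in
  --apply)   setup_policy_routing ;;
  --dry-run) DRY_RUN=1 setup_policy_routing ;;
esac
```

Verify the rule ordering with `ip rule show` (the fwmark rule must sit before the main-table rule, which priority 100 guarantees) and confirm the exception path with `ip route get <destination> mark 0x1`; a daemon that is instead bound directly to br0's address could use a simpler `ip rule add from 192.0.2.10 table 100` and skip the mark and SNAT entirely.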