* Redirection using DNAT on transparent bridge.
@ 2004-11-09  3:23 Josh Nerius
  2004-11-09  9:11 ` Primero
  0 siblings, 1 reply; 2+ messages in thread
From: Josh Nerius @ 2004-11-09  3:23 UTC (permalink / raw)
  To: netfilter

Hello,

I am trying to redirect specific traffic (for example, web traffic on
port 80) as it passes through a transparent bridge. Currently, I have
tried commands like this (eth1 is the external interface, eth0
internal... this is sitting behind a Linux NAT router):

iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 \
    -s 192.168.150.222 -p tcp --dport 80 \
    -j DNAT --to destination.ip.address.here

The trouble I am running into seems to be related to routing, I
think... I have an IP address set on the bridge virtual interface and
this communicates with the net just fine. I have been unable to find
documentation on this and would like to know if this is even possible.

Oh yes, I should also mention that if I change the DNAT to a host on
the other side of the bridge that is in the local LAN (i.e. the router
or other test boxes I've put on a switch for experimentation) the
redirection seems to work.

Any info is greatly appreciated,

Josh Nerius

-- 
Math problems? Call 1-800-[(10x)(13i)^2]-[sin(xy)/2.362x]



* Re: Redirection using DNAT on transparent bridge.
  2004-11-09  3:23 Redirection using DNAT on transparent bridge Josh Nerius
@ 2004-11-09  9:11 ` Primero
  0 siblings, 0 replies; 2+ messages in thread
From: Primero @ 2004-11-09  9:11 UTC (permalink / raw)
  To: Josh Nerius; +Cc: netfilter


Josh Nerius wrote:

>Hello,
>...
>
>iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -s
>192.168.150.222 -p tcp --dport 80 -j DNAT --to
>destination.ip.address.here
>
>  
>
Where is this "destination IP address"? I mean, is it another network on 
the same firewall/router, is it a host somewhere out there on the net?

I use some rules like this one on my bridged firewall to DNAT some 
connections on a 3rd network I have on this firewall and, with the addition of 
some rules in the FORWARD chain, it works fine.

Do you ACCEPT traffic for "destination.ip.address.here"?

Maybe a few more rules would help :)

-- 
---------------------------------------
#######################################

"Linux, the choice of a GNU generation"
     ==Micro$oft - just say NO== 

#######################################
---------------------------------------
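
The question raised in the reply above, whether the FORWARD chain accepts traffic for the DNAT destination, can be checked against an iptables-save dump. This is an added example, not part of either message: the sample ruleset, the addresses 203.0.113.10 and 192.168.150.5, and all function names are constructed for illustration. It assumes IPv4 and single ip[:port] DNAT targets, and it does not evaluate -s/-i/-o matches, --dport ranges, or DROP rules placed ahead of an ACCEPT.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt; every address is a made-up sample value.
SAMPLE = """\
*nat
-A PREROUTING -s 192.168.150.222/32 -p tcp -m physdev --physdev-in eth0 -m tcp --dport 80 -j DNAT --to-destination 203.0.113.10
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.150.5:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.150.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def rules(dump):
    """Yield (table, chain, opts); a chain policy becomes an unconditional rule."""
    table = None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok and tok[0].startswith(":"):
            yield table, tok[0][1:], {"-j": tok[1]}
        elif tok and tok[0] == "-A" and "!" not in tok:  # negated rules skipped
            yield table, tok[1], dict(zip(tok[2:], tok[3:]))  # option -> next token

def accepts_new(o, ip, proto, port):
    """Would this FORWARD rule ACCEPT the first (NEW) packet sent to ip:port?"""
    state = o.get("--state") or o.get("--ctstate")
    return (o.get("-j") == "ACCEPT"
            and (state is None or "NEW" in state.split(","))
            and ip in ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
            and o.get("-p", proto) in (proto, "all")
            and o.get("--dport") in (None, str(port)))

def unaccepted_dnat_targets(dump):
    """Return [(ip, port)] for PREROUTING DNAT targets with no FORWARD ACCEPT."""
    parsed = list(rules(dump))
    fwd = [o for t, c, o in parsed if (t, c) == ("filter", "FORWARD")]
    missing = []
    for t, c, o in parsed:
        if (t, c, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            host, _, p = o["--to-destination"].partition(":")
            d = p or o.get("--dport", "")  # DNAT without a port keeps the original one
            port = int(d) if d.isdigit() else None
            if not any(accepts_new(f, ipaddress.ip_address(host), o.get("-p"), port) for f in fwd):
                missing.append((host, port))
    return missing
```

On the constructed sample, the DNAT to the LAN host is covered by a FORWARD rule while the off-LAN target is reported, because the RELATED,ESTABLISHED rule never admits the first packet of a connection.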

