From: "Martin A. Brown"
Date: Tue, 04 Mar 2003 17:43:45 +0000
Subject: Re: [LARTC] more bridging + qos confusion
To: lartc@vger.kernel.org

Ack! I meant to say:

  "It sounds like you are running bridging without the netfilter hooks."

But, of course, you understood what I meant.

: No, I'm not running with ebtables+nf support. From what I understand
: (and please correct me if I'm wrong), patching the kernel with
: ebtables+bridge-nf, you get an ebtables table with BROUTING, FORWARD,
: and NAT chains which you can match traffic on.
:
: However, I need to match traffic in the mangle table, so the ebtables
: table won't help me.

In order for you to be able to use iptables *at all* with the bridging
code, you need the bridge+nf patch(es).

: (a) If I add the bridge-nf + ebtables patches, will I be able to match
: traffic on OUTPUT/FORWARD/POSTROUTING in the mangle table?

Good question. I haven't used the OUTPUT and POSTROUTING chains, but I
have used the FORWARD chain on a bridge+nf installation. I think the
link you forwarded to this list earlier today [1] shows the sequence of
netfilter hook traversal, but assumes that you are running bridge+nf.

: (b) Why does netfilter not currently see the traffic even though a tcpdump
: on eth0/eth1 shows all the traffic passing through the interfaces?

See above....

-Martin

[1] http://www.sparkle-cc.co.uk/firewall/firewall.html

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/