From: Abraham van der Merwe
Date: Tue, 04 Mar 2003 18:22:45 +0000
Subject: Re: [LARTC] more bridging + qos confusion
To: lartc@vger.kernel.org

Hi Martin!

I just applied the bridge-nf and ebtables patches and tried it and I can
match packets in the mangle table as usual (also have to use FORWARD for
packets passing through the machine).

> Ack! I meant to say:
>
> "It sounds like you are running bridging without the netfilter hooks."
>
> But, of course, you understood what I meant.
>
> : No, I'm not running with ebtables+nf support. From what I understand
> : (and please correct me if I'm wrong), patching the kernel with
> : ebtables+bridge-nf, you get an ebtables table with BROUTING, FORWARD,
> : and NAT chains which you can match traffic on.
> :
> : However, I need to match traffic in the mangles table, so the ebtables
> : table won't help me.
>
> In order for you to be able to use iptables *at all* with the bridging
> code, you need the bridge+nf patch(es).
>
> : (a) If I add the bridge-nf + ebtables patches, will I be able to match
> : traffic on OUTPUT/FORWARD/POSTROUTING in the mangle table?
>
> Good question. I haven't used the OUTPUT and POSTROUTING chains, but I
> have used the FORWARD chain on a bridge+nf installation. I think the link
> you forwarded to this list earlier today [1] shows the sequence of
> netfilter hook traversal, but assumes that you are running bridge+nf.
>
> : (b) Why does netfilter not currently see the traffic even though a tcpdump
> : on eth0/eth1 shows all the traffic passing through the interfaces?
>
> See above....
>
> -Martin
>
> [1] http://www.sparkle-cc.co.uk/firewall/firewall.html

-- 
Regards
 Abraham

It is more rational to sacrifice one life than six.
    -- Spock, "The Galileo Seven", stardate 2822.3

___________________________________________________
 Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
 P.O. Box 3472, Matieland, Stellenbosch, 7602
 Cell: +27 82 565 4451
 Http: http://www.frogfoot.net/
 Email: abz@frogfoot.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/