Linux Netfilter discussions
From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Redirecting ports in a bridge
Date: Tue, 22 Apr 2008 09:29:24 -0500
Message-ID: <480DF644.8010302@riverviewtech.net>
In-Reply-To: <480D8272.1020200@juntadeandalucia.es>

On 04/22/08 01:15, Javier Prieto Martínez wrote:
> Yes. We are logging and filtering right now, but we want to redirect 
> traffic too.

*nod*

> The point is we want the bridge to be transparent except for one 
> particular redirection we want to do :-)

*nod*

> Thanks for the advice. I'll try with EBTables, then.

*nod*

Except for possibly some syntactical change your rules should be very 
similar and operate in the same fashion.

Based on your previous statement "I don't want to mess with the real 
IPs" it sounds like you don't even want to change source / destination 
IPs of the traffic going to the back end system.  Am I understanding you 
correctly that you indeed want to not alter the source and / or 
destination IP?  If this is the case, be aware that you do not want to 
NAT the IP and that you will be down to NATing the MAC address (which 
can be done but is another discussion) as the frame is passing through 
the bridge.

I guess I should ask:

+---+         +---+   +---+   +---+
| C +-- - - --+ R +---+ A +---+ S |
+---+         +---+   +---+   +---+

Presuming that C is the client, R is the router, A is the appliance, and 
S is one or more of the servers, do you want S to see the source and 
destination IP that the client connected to?  Or is it ok for the 
appliance to munge the source and / or destination IP (as seen by the 
server) in the process of redirecting to the server?



Grant. . . .
