* Brouter basic question .
@ 2010-03-30 13:01 ratheesh k
2010-03-30 14:22 ` Michele Petrazzo - Unipex
2010-03-30 15:00 ` John Haxby
0 siblings, 2 replies; 4+ messages in thread
From: ratheesh k @ 2010-03-30 13:01 UTC (permalink / raw)
To: netfilter
Hi ,
i have a rule
ebtables -t broute -A BROUTING -j ACCEPT .
So packet wont traverse any other chain ? ( Prerouting , Input ,
Forward , Postrouting ) ???
Thanks,
Ratheesh
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Brouter basic question .
2010-03-30 13:01 Brouter basic question ratheesh k
@ 2010-03-30 14:22 ` Michele Petrazzo - Unipex
2010-03-30 14:47 ` Jan Engelhardt
2010-03-30 15:00 ` John Haxby
1 sibling, 1 reply; 4+ messages in thread
From: Michele Petrazzo - Unipex @ 2010-03-30 14:22 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
ratheesh k ha scritto:
> Hi ,
>
> i have a rule
>
> ebtables -t broute -A BROUTING -j ACCEPT .
>
> So packet wont traverse any other chain ? ( Prerouting , Input ,
> Forward , Postrouting ) ???
>
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
And
http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
broute and iptables chains are different things.
Michele
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Brouter basic question .
2010-03-30 14:22 ` Michele Petrazzo - Unipex
@ 2010-03-30 14:47 ` Jan Engelhardt
0 siblings, 0 replies; 4+ messages in thread
From: Jan Engelhardt @ 2010-03-30 14:47 UTC (permalink / raw)
To: Michele Petrazzo - Unipex; +Cc: ratheesh k, netfilter
On Tuesday 2010-03-30 16:22, Michele Petrazzo - Unipex wrote:
> ratheesh k ha scritto:
>> Hi ,
>>
>> i have a rule
>>
>> ebtables -t broute -A BROUTING -j ACCEPT .
>>
>> So packet wont traverse any other chain ? ( Prerouting , Input ,
>> Forward , Postrouting ) ???
>>
>
> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
>
> And
>
> http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
>
> broute and iptables chains are different things.
These graphics are outdated. Please see the one from
http://en.wikipedia.org/wiki/Iptables instead (which represents modern
kernels).
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Brouter basic question .
2010-03-30 13:01 Brouter basic question ratheesh k
2010-03-30 14:22 ` Michele Petrazzo - Unipex
@ 2010-03-30 15:00 ` John Haxby
1 sibling, 0 replies; 4+ messages in thread
From: John Haxby @ 2010-03-30 15:00 UTC (permalink / raw)
To: ratheesh k; +Cc: netfilter
On 30/03/10 14:01, ratheesh k wrote:
> Hi ,
>
> i have a rule
>
> ebtables -t broute -A BROUTING -j ACCEPT .
>
> So packet wont traverse any other chain ? ( Prerouting , Input ,
> Forward , Postrouting ) ???
>
I thought this was obvious, but on second thoughts, it's probably not as
obvious as all that
$ man ebtables
...
The targets DROP and ACCEPT have a special
meaning in
the broute table (these names are used instead of more
descrip-
tive names to keep the implementation generic). DROP
actually
means the frame has to be routed, while ACCEPT means
the frame
has to be bridged.
and in the diagram that Jan pointed to
(http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg)
it becomes clear: -J ACCEPT means that the frame goes to the ebtables
nat table; DROP means it goes up into the network layer for iptables to
play with.
You'll make life easier for yourself as well if you call layer two
things "frames" and layer three things "packets".
jch
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-03-30 15:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-30 13:01 Brouter basic question ratheesh k
2010-03-30 14:22 ` Michele Petrazzo - Unipex
2010-03-30 14:47 ` Jan Engelhardt
2010-03-30 15:00 ` John Haxby
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).