Re: Forwarded traffic bypassing filter

Linux Advanced Routing and Traffic Control

I think there are ways to apply filters to
PreRouting/Forward/PostRouting stages, I might need to MARK these
packets using 'iptables' & then maybe use the FW filter, but what I want
to understand is if u32 filter can do the same job without marking the
packets?

The reason for such a configuration is to make it look like one flat
network & all these addresses are managed by one single central DHCP
server. There are reasons for not using it as a bridge, but that drifts
us away from the problem at hand. Suffice to say, all this works,
machineX can get to machine2 & machine2 can get to any of the machineX.


Thanks,
+Amit


--- Lawrence MacIntyre <lpz@xxxxxxxx> wrote:
> <being extremely subtle...>
> 
> I haven't looked at the code, but the path these packets take through
> the IP stack may be "unusual".  You have configured your network in a
> very strange manner.  Generally, for ethernet networks, you want all
> interfaces in the same subnet to be on the same broadcast network.  You
> might have better luck if you make Machine1 a bridge or a normal IP
> router.  Is there a reason why you have configured your network in this
> way?
> 
> On Fri, 2003-10-17 at 09:25, Amit Gandhi wrote:
> > The netmask is /8 in my config, but it can be /24 (doesn't matter a
> > whole lot). The traffic is not being bridged at Machine1, it's simple
> > routing coz I've set up a route & ARP entry for Machine2 on Machine1 and
> > IP Forwarding, Proxy ARP is enabled on Machine1.
> > 
> > Thanks
> > 
> > --- Lawrence MacIntyre <lpz@xxxxxxxx> wrote:
> > > Is the netmask actually /24 instead of /8 or are you bridging the
> > > traffic with Machine1?
> > > 

<SNIP>


_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
