On Sat, 2004-08-28 at 05:32, Roy wrote:
> I want to set interface to promisc mode and do all routing with iptables.

You don't need to set an interface in promisc mode to do routing. You need the clients to have you configured as a router (easily achieved via dhcp). Routing isn't actually done with netfilter, although the routed packets are available for filtering.

> Is it somehow possible?

Is it possible to use netfilter to make a routing decision? I suppose it _might_ be (using the MARK target and iproute2), but it would be overly convoluted, esp compared to doing it "the normal way".

> I see now the kernel does not pass everything to iptables.

I think you'll find that netfilter _does_ see all packets it's supposed to see - it's just a matter of what chains they pass through. Routed packets will pass through the FORWARD chains. Of course, this won't happen unless you have configured your machine as a router, and you have clients actually using it as a router (see above).

> Basically I want to ignore the ethernet address and use only IP for routing.

Um, that's what routing is (at least, in my understanding). You're talking about a Layer 3 router, which makes routing decisions based on IP addresses/subnets.

Cheers
Andrew

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
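
The chain traversal described in the reply above, as an added example that is not part of the original message: a simplified Python model of which netfilter chains an incoming IPv4 packet reaches, and why promiscuous mode does not change that. The function name, MAC/IP addresses and routes are constructed for illustration, and multicast frames are left out of the model.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Constructed sample host: a two-interface Linux router.
HOST_MAC = "02:00:00:00:00:01"
LOCAL_IPS = ["192.168.1.1", "10.0.0.1"]
ROUTES = ["192.168.1.0/24", "10.0.0.0/24", "0.0.0.0/0"]


def chains_traversed(frame_dst_mac, dst_ip, ip_forward=True,
                     host_mac=HOST_MAC, local_ips=LOCAL_IPS, routes=ROUTES):
    """Return (chains, route) for one incoming IPv4 packet.

    Hypothetical helper modelling the receive path; the per-table
    chains (mangle/nat/filter) are collapsed into one name per hook.
    """
    # A frame addressed to another station's MAC is only received at all
    # in promiscuous mode, and the IP layer discards it before any
    # netfilter hook runs, so iptables never sees it.
    if frame_dst_mac.lower() not in (host_mac.lower(), BROADCAST_MAC):
        return [], None

    chains = ["PREROUTING"]
    dst = ipaddress.ip_address(dst_ip)

    # Routing decision, step 1: is the packet for this host?
    if dst in {ipaddress.ip_address(a) for a in local_ips}:
        return chains + ["INPUT"], None

    # Step 2: not local. Without forwarding enabled the packet is
    # dropped here and the FORWARD chains are never reached.
    if not ip_forward:
        return chains, None

    # Step 3: Layer 3 decision on the destination IP only, using
    # longest-prefix match over the routing table.
    nets = [ipaddress.ip_network(r) for r in routes]
    matches = [n for n in nets if dst in n]
    if not matches:
        return chains, None
    best = max(matches, key=lambda n: n.prefixlen)
    return chains + ["FORWARD", "POSTROUTING"], str(best)


if __name__ == "__main__":
    # Client that uses this host as its gateway.
    print(chains_traversed(HOST_MAC, "10.0.0.50"))
    # Frame for another station, seen only because of promisc mode.
    print(chains_traversed("02:00:00:00:00:99", "10.0.0.50"))
```
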