Op di, 18-10-2005 te 02:03 +0200, schreef Carl-Daniel Hailfinger: > Bart De Schuymer schrieb: > > Op do, 13-10-2005 te 23:55 +0200, schreef Carl-Daniel Hailfinger: > > > >> However, once I insert the ebtables rule to actually do the > >> redirection, all packets I want to redirect get dropped. This > >> happens regardless of where I try to broute the packets. I tried > >> DROPping them in BROUTING, REDIRECTing them in PREROUTING, DNATing > >> them to the MAC of eth0 in PREROUTING, but each time the packets > >> never leave eth0. > >> [...] > >> bridge:~ # ebtables -t nat -L --Lx > >> ebtables -t nat -N ifacefilter-int ebtables -t nat -N proxy > >> ebtables -t nat -A PREROUTING -i bridgeint -j ifacefilter-int > >> ebtables -t nat -A ifacefilter-int -p IPv4 --ip-src 192.168.0.0/24 > >> --ip-proto tcp --ip-dport 80 -j proxy > >> ebtables -t nat -A proxy -j mark --set-mark 0x1 --mark-target > >> CONTINUE > > > >> ebtables -t nat -A proxy -j dnat --to-dst 00:11:22:33:44:55 > >> --dnat-target ACCEPT > > > > > > Make this 00:01:02:03:04:05, or just use -j redirect > > Sorry if I was unclear, but -j redirect doesn't work. Same for --to-dst > 00:01:02:03:04:05. That's why I tried to use the MAC of eth0 in --to-dst. OK. Anyway, you need to use the MAC address of the logical bridge device. Please first try it with a simpler setup in which you don't need to mark the packet, using a simple routing table. Do any packets leave on eth0? cheers, Bart _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
