Thank you Richard.

Anyway, I just found the solution while re-reading the FAQ
http://ebtables.sourceforge.net/misc/brnf-faq.html (see section 3: How
do I let vlan-tagged traffic go through a vlan bridge port and the other
traffic through a non-vlan bridge port?).

And lo-and-behold - after adding the ebtables rule ....

    ebtables -t broute -A BROUTING -j DROP -i eth1 -p 802_1Q --vlan-id 23

.... now everything works like a charm!

I can now ping through br1 as well (br0 was never a problem) -
vlan23-traffic arriving on eth1 does not get bridged, but instead the
vlan23-tag is stripped and the packet then arrives magically on my
vlan23-interface.

Only after reading this part for the 3rd time just now, I suddenly
understood the meaning, added the brouter rule, and done.

Thank you all for your support,

Z.

richardvoigt@xxxxxxxxx wrote:
> On Sun, Feb 21, 2010 at 5:24 PM, Zoilo Gomez <zoilo@xxxxxxxxx> wrote:
>
>> I have the following interfaces:
>> => vlan22 and vlan2 on eth0
>> => vlan23 and untagged traffic on eth1
>>
>> The essence is that:
>> => vlan22@eth0 and vlan23@eth1 need to be bridged, and
>> => vlan2@eth0 and the untagged traffic on eth1 need to be bridged.
>>
>> Software:
>> => Gentoo 10.1
>> => linux 2.6.32.7 vanilla
>> => vconfig 1.9
>> => bridge-utils 1.4
>>
>> ===== My implementation:
>>
>> vconfig add eth0 2
>> vconfig add eth0 22
>>
>> vconfig add eth1 23
>>
>> brctl addbr br0
>> brctl addif br0 vlan2
>> brctl addif br0 eth1
>>
>> brctl addbr br1
>> brctl addif br1 vlan22
>> brctl addif br1 vlan23
>>
>> ebtables -P FORWARD DROP
>>
>> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i eth1 -o vlan2
>> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i vlan2 -o eth1
>>
>> ebtables -A FORWARD -j ACCEPT -i vlan23 -o vlan22
>> ebtables -A FORWARD -j ACCEPT -i vlan22 -o vlan23
>>
>> Unfortunately, the vlan23 interface stops receiving data as soon as eth1
>> is connected to br0. It seems that the bridge sucks all data from eth1,
>> effectively disabling vlan23; why is this?
>>
>> How can I get access to the untagged data on eth1, while simultaneously
>> using vlan23@eth1 ?
>>
>> Or should I use a different approach?
>>
>
> This is an issue with linux vlan support, there is no interface for
> untagged traffic. eth1 represents all traffic through that nic
> whether tagged or not.
>
> You should ask this question again on the vlan mailing list, maybe
> there's a new configuration option I don't know about or maybe they
> can offer a workaround.
>
>
>> Z.
>>
>> _______________________________________________
>> Bridge mailing list
>> Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
>> https://lists.linux-foundation.org/mailman/listinfo/bridge
>>
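
The effect of the broute rule from the message above, modeled as an added Python example (not part of the original post and not ebtables code): in the broute table a DROP verdict means the frame is routed instead of bridged, so only 802.1Q frames with VLAN ID 23 arriving on eth1 bypass br0. The function names and the sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100  # TPID that ebtables refers to as 802_1Q

# Model of the single rule from the post:
#   ebtables -t broute -A BROUTING -j DROP -i eth1 -p 802_1Q --vlan-id 23
BROUTE_RULE = {"in_if": "eth1", "proto": ETH_P_8021Q, "vlan_id": 23}


def parse_frame(frame: bytes):
    """Return (ethertype, vlan_id or None) from a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_8021Q:
        return ethertype, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return ethertype, tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID


def brouting_verdict(in_if: str, frame: bytes, rule=BROUTE_RULE) -> str:
    """'route' if the rule matches (broute DROP), else 'bridge' (default ACCEPT)."""
    ethertype, vid = parse_frame(frame)
    if (in_if == rule["in_if"] and ethertype == rule["proto"]
            and vid == rule["vlan_id"]):
        return "route"   # handed up the stack, where the vlan23 device takes it
    return "bridge"      # left to the bridge that in_if is a port of


def make_frame(vlan_id=None, inner_type=0x0800) -> bytes:
    """Constructed sample frame: broadcast dst, made-up src, zero payload."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", inner_type) + b"\x00" * 46


if __name__ == "__main__":
    for label, frame in [("untagged", make_frame()),
                         ("vlan 23", make_frame(23)),
                         ("vlan 99", make_frame(99))]:
        print(f"{label:9} on eth1 -> {brouting_verdict('eth1', frame)}")
```

Tagged frames on eth1 with any other VLAN ID still reach br0, where the FORWARD rules with `-p ! 802_1Q` from the quoted configuration do not accept them.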