> I forgot why exactly you need the bridge port in iptables.

We crossed in the email a minute ago when I described my H.323 stuff. There was another case a year or so ago that first turned me on to bridging. I inherited a network that had systems with IP addresses all over the place both in front of and behind the firewall. It was a mess. I tried to set up a Linux firewall with proxy ARP but the results were very ugly. It turned out they had this load balancer in their network nobody told me about, and my proxy ARP and the load balancer's proxy ARPs got confused with each other, and this took down a popular website for an hour or so at 5 in the morning central time.

And then I finally figured out what proxy ARP really meant when my outside eth0 interface was proxy-ARPing. This was in a co-lo site and there were other customers on the same Ethernet and I ended up proxy-ARPing for them - whoops! This didn't cause any damage but it sure scared me to death!

Needless to say, that was the last time I ever used proxy ARP. So now I use bridging whenever I have devices that need public IP addresses inside a mostly NATed network.

- Greg