Hi!

If net.bridge.bridge-nf-call-iptables is set to zero (which is the default setting in Fedora and RHEL6), xt_physdev has no effect. A rule like this one will never match:

    iptables -t nat -A PREROUTING -i bridge0 -m physdev --physdev-in eth0 -p tcp --dport 80 -j DNAT --to-destination :8080

IMHO the cause of the problem is in net/bridge/br_netfilter.c: br_nf_pre_routing() returns NF_ACCEPT before skb->nf_bridge is allocated and skb->nf_bridge->physindev set to skb->dev.

Thanks,
//richard
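A check for the condition described in the message above, as an added example that is not part of the original post: it lists the rules in iptables-save output that use the physdev match and reports them when net.bridge.bridge-nf-call-iptables is 0. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a ruleset for physdev rules that depend on
# net.bridge.bridge-nf-call-iptables. Input is iptables-save text on stdin;
# the sysctl value is passed as an argument so a saved ruleset can be
# checked offline.

# Print every rule that uses the physdev match, prefixed with its table.
physdev_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: "*nat", "*filter"
        /^-A / && /-m physdev / { print table ": " $0 }
    '
}

# audit_physdev <bridge-nf-call-iptables value>   (ruleset on stdin)
# Returns 0 if no physdev rule is at risk, 1 if physdev rules exist while
# the sysctl is 0, 2 if physdev rules exist and the value is unknown
# (sysctl missing or unreadable).
audit_physdev() {
    nf_call=$1
    rules=$(physdev_rules)
    [ -z "$rules" ] && return 0
    case $nf_call in
        1) return 0 ;;
        0) printf 'bridge-nf-call-iptables=0; rules using physdev:\n%s\n' "$rules" >&2
           return 1 ;;
        *) printf 'bridge-nf-call-iptables unknown; rules using physdev:\n%s\n' "$rules" >&2
           return 2 ;;
    esac
}

# Constructed sample: the rule from the post in iptables-save form, plus
# one unrelated rule that must not be reported.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i bridge0 -p tcp -m physdev --physdev-in eth0 -m tcp --dport 80 -j DNAT --to-destination :8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Live use (assumes root, with iptables-save and sysctl installed):
#   iptables-save | audit_physdev "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null)"
```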