On Sat, Jun 07, 2003 at 06:37:50PM +1000, calvin wrote:
> Dear all,
>
> I got a serious problem with my netfilter program.
>
> What I am trying to do is capture a packet from A to B in the same network
> and direct it to QUEUE.
>
> My setup is
>
>  A     B
>   \   /
>    \ /
>    HUB
>     | (eth0)
>    GW
>     | (eth1)
>     |
>     |
>
> Is it possible that, when A sends a message to B port 1700 (for example),
> the iptables in GW can grep the packet and put it into the queue for
> processing and put it back on the line?

No, of course not. You seem to have a basic misunderstanding about network
topology. A and B are on the same layer 2, they are never sent through your
gateway. The GW is only involved when the packet needs to be passed from one
layer 2 segment to the other layer 2 segment.

> Is there any way I can do what I want to do in a module? In iptables?

No. And this is not a limitation of iptables, it's a fundamental principle
of Ethernet.

> Regards,
> Calvin

--
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
 architectural error that shows how much experimentation was going on
 while IP was being designed."                          -- Paul Vixie
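
The forwarding decision described in the reply above, as an added example that is not part of the original thread: host A matches the destination against its own routing table, and only off-link destinations are framed to the gateway's MAC address, which is the precondition for GW's netfilter hooks to see the packet. All addresses, the routing table and the function names are constructed assumptions.

```python
import ipaddress

# Constructed routing table for host A (addresses are assumptions, not from the thread).
# Each entry: (destination prefix, next hop); next hop None means directly connected.
ROUTES_A = [
    (ipaddress.ip_network("192.168.1.0/24"), None),  # segment shared with B via the hub
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.1.1")),  # default via GW
]

# Constructed addresses of GW's interfaces (eth0 on the hub side, eth1 on the far side).
GW_ADDRS = {ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("10.0.0.1")}


def next_hop(routes, dst):
    """Longest-prefix match. Returns the IP address the sender resolves to a MAC
    with ARP, i.e. the layer 2 destination of the outgoing frame."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    # On-link destination: the frame goes straight to the destination's own MAC.
    return dst if hop is None else hop


def gw_netfilter_sees(routes, dst):
    """True when the frame is addressed to GW's MAC, so GW's IP stack (and with it
    iptables and the QUEUE target) processes the packet. Assumes GW is a plain
    router: no bridging, no promiscuous capture."""
    return next_hop(routes, dst) in GW_ADDRS


if __name__ == "__main__":
    for label, dst in [("B, same segment", "192.168.1.20"),
                       ("host behind GW", "203.0.113.5"),
                       ("GW itself", "192.168.1.1")]:
        print(f"A -> {dst:<13} ({label}): next hop {next_hop(ROUTES_A, dst)}, "
              f"GW netfilter sees it: {gw_netfilter_sees(ROUTES_A, dst)}")
```

On a hub the frame from A to B does reach GW's NIC electrically, but it carries B's MAC address, so GW's IP stack never hands it to the netfilter hooks.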