On Thu, 17 Aug 2006, Robert LeBlanc wrote:
> Is it possible to use iptables with two NICs in bridge mode? I'd like to
> do some NATing on the back end for computers behind the router still.
> Can that be done with virtual addresses, or can an adapter be in bridged
> mode and IP mode (is that what it's called?) at the same time?
Yes, it is possible to do this. IIRC you used to need a patch, but I think
it was rolled in a while ago. Enable
CONFIG_BRIDGE_NETFILTER:

  Symbol: BRIDGE_NETFILTER [=y]
  Prompt: Bridged IP/ARP packets filtering
    Defined at net/Kconfig:137
    Depends on: NET && BRIDGE && NETFILTER && INET
    Location:
      -> Networking
        -> Networking support (NET [=y])
          -> Networking options
            -> Network packet filtering (replaces ipchains)
You may also want CONFIG_IP_NF_ARPTABLES (but this is a bit more
specialised):
  Symbol: IP_NF_ARPTABLES [=m]
  Prompt: ARP tables support
    Defined at net/ipv4/netfilter/Kconfig:581
    Depends on: NET && INET && NETFILTER && NETFILTER_XTABLES
    Location:
      -> Networking
        -> Networking support (NET [=y])
          -> Networking options
            -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
              -> IP: Netfilter Configuration
Depending on where your bridge is in the network, you may also need to
turn on proxy arp for the interfaces in question.
The brctl tool is used to set up/remove bridges.
On Debian this can be configured in /etc/network/interfaces IIRC, or
just use an init script or similar.
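The setup the reply sketches, written out as an added example (this is not code from the thread, and the interface names, addresses and private subnet are assumptions made for the demo): eth0 and eth1 are bridged into br0, br0 carries the box's own address, and a third NIC eth2 faces the private LAN that is NATed out through br0. Because CONFIG_BRIDGE_NETFILTER also pushes purely bridged eth0<->eth1 frames through the iptables FORWARD and POSTROUTING chains, the rules match on the private subnet and explicitly accept bridged frames with the physdev match rather than relying on -i/-o alone. The script prints the command sequence by default and only executes it when run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example for the thread above; not from the original reply.
# Assumed topology: br0 = eth0 + eth1 (transparent bridge), eth2 = private LAN
# that is NATed out via br0. Names, addresses and subnet are assumptions.
set -eu

BRIDGE=br0
PORTS="eth0 eth1"           # the two NICs that are bridged
BRIDGE_ADDR=192.0.2.10/24   # address the box itself uses on the bridge
LAN_IF=eth2                 # NIC facing the hosts that need NAT
LAN_ADDR=192.168.1.1/24
LAN_NET=192.168.1.0/24

# Emit the bridge + NAT setup as a list of commands, one per line.
bridge_nat_commands() {
    echo "brctl addbr $BRIDGE"
    for p in $PORTS; do
        echo "brctl addif $BRIDGE $p"
        echo "ip link set $p up"
    done
    echo "ip link set $BRIDGE up"
    echo "ip addr add $BRIDGE_ADDR dev $BRIDGE"
    echo "ip addr add $LAN_ADDR dev $LAN_IF"
    echo "ip link set $LAN_IF up"
    # CONFIG_BRIDGE_NETFILTER knob: make iptables see bridged IP traffic.
    # (Newer kernels need 'modprobe br_netfilter' before this sysctl exists.)
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Optional, per the reply: only if hosts on the far side must see the
    # box answer ARP on their behalf.
    echo "# sysctl -w net.ipv4.conf.$BRIDGE.proxy_arp=1"
    # Bridged eth0<->eth1 frames also traverse FORWARD/POSTROUTING once
    # bridge-nf is on, so: let them through untouched, and NAT only the
    # private subnet rather than everything leaving br0.
    echo "iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $BRIDGE -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $BRIDGE -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P FORWARD DROP"
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $BRIDGE -j MASQUERADE"
}

# Equivalent persistent form for Debian's /etc/network/interfaces, using the
# bridge_ports hook that the bridge-utils package installs for ifupdown.
interfaces_stanza() {
    cat <<EOF
auto $BRIDGE
iface $BRIDGE inet static
    address ${BRIDGE_ADDR%/*}
    netmask 255.255.255.0
    bridge_ports $PORTS
    bridge_stp off
    bridge_fd 0

auto $LAN_IF
iface $LAN_IF inet static
    address ${LAN_ADDR%/*}
    netmask 255.255.255.0
EOF
}

if [ "${APPLY:-0}" = "1" ]; then
    bridge_nat_commands | sh -e     # run as root to apply
else
    bridge_nat_commands             # dry run: just show what would be done
    echo
    echo "# /etc/network/interfaces equivalent:"
    interfaces_stanza
fi
```

Run it once without APPLY to review the command list, then APPLY=1 as root; the interfaces stanza can be pasted into /etc/network/interfaces so the bridge comes up at boot, with the iptables lines moved into a pre-up or a separate init script.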