On Thursday 14 September 2006 12:41, Pascal Hambourg wrote:
> > It'll have 10 nics, all paired off into round-robin bonds, so 5 usable
> > interfaces. 1 colo facing, 3 private, 1 "public".
>
> What interfaces do you plan to bridge ?

bond0 to bond4 (probably).
bond0 being the link to the colo, bond4 to the "public" servers. bond{1,2,3} private networks.

[snip lots of very useful information]

> I assume you plan to bridge the "colo" and "public" interfaces.

Yes, your diagram is correct.

> The bridge catches incoming ethernet frames before the IP stack can see
> them. So an ethernet frame forwarded from colo to public does not hit
> the IP stack, unless it is an ethernet broadcast.

Or destined for an IP/MAC assigned to the bridge interface?
That also explains the necessity for ebtables in addition to ip[6]tables.

> To try to answer your question, you can DNAT IP datagrams transported by
> ethernet frames which are not bridged to another interface.

Thanks very much, exactly what I wanted to hear.

--
Mike Williams