Re: Bridge, DNAT, New Tables and ip rules


On 6/12/2007 2:12 PM, semi linux wrote:
> Yes, I've had this setup running for quite a while but when adding a new ethernet card (on the same or different networks) I get a problem.

Ok, I just had to ask.

> Actually, I've renamed two ports on a dual-port card to be eth50 and eth51 (done using udev rules) and they have a bridge interface of br0.

Do you really have that many interfaces, or are you just skipping a bunch of interfaces?

> All other traffic flows just like normal through the bridge.

*nod*

> The second rule is in place just in case Dan initiates conversation, instead of Jack. When the source is local, wouldn't the outgoing traffic be processed as follows?:

Does this rule ever match any packets?

> program -> routing decision -> mangle::output, nat::output, filter::output, mangle::postrouting, nat::postrouting, interface, wire.

Sorry, with my current state of mind, I can't respond to this.

> Therefore it'd never hit the nat::prerouting (or _any_ ::prerouting rules), right?

(See above.)

> Jose has two IP addresses, eth0 and br0... they could be on the same subnet or different subnets (depending on install details).

Hum.

> This is the crux of the problem, let me try to clarify... Jose does talk to Jack, but it's through the wrong interface (eth0 instead of br0 (eth50/eth51)). The packets that are coming out of eth0 are the proper responses, with Dan listed as the source and Jack as the destination. The question is, w/o knowing Jack's IP how do I route them through br0?

Bearing in mind that (by default) Linux will (primarily) use one interface on a subnet unless you do something to alter it. To this end I think you will need to match based on Dan's IP be it source or destination.

> I was pointed in that direction by the good folks over on the Fedora mailing list but I'm all ears to try anything here and have no problem testing _any_ suggestions.

I'm still not convinced that you need to mark the packets. In my opinion it is so much easier to match the source or destination IP.

> br0 - eth50/51 - bridged. eth0,1,2,3,etc... independent. New NICs are brought up in a typical fashion... added, with default gateway, etc.

Ok, I feel like I'm missing your config. Will you please list out your interfaces (logical and physical) as well as subnets. Granted the subnets can be a.b.c.x, d.e.f.x, g.h.i.x, etc.

> I'm guessing with the information I've provided above, you're going to suggest something different... I've already looked into bonding and STP... even adding eth0 to the bridge, none of those solutions seem to do the trick. Let me know if I should reconsider some of these in light of the above.

You will probably have to use custom routing tables, including tables that carry the link addresses.



Grant. . . .
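An added example, not part of this thread or of either poster's actual configuration, of the "match on Dan's IP" approach Grant suggests: a dedicated routing table whose only default route leaves via the bridge, and an ip rule that sends anything sourced from Dan's address to that table, so Jose's replies reach Jack over br0 without Jack's address ever appearing in the config. The addresses (192.0.2.10, 192.0.2.1, 198.51.100.7), the table number (100) and the interface name (br0) are assumptions for illustration; the script prints the iproute2 commands by default and only executes them when DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not code from the thread. Source-based policy routing:
# a spare routing table with a default route out of the bridge, and an
# ip rule that steers packets *from* Dan's address into that table.
# All addresses, the table id and the interface name are assumptions.
#
# Usage: sh policy_route.sh             # dry run, prints the commands
#        DRY_RUN=0 sh policy_route.sh   # applies them (needs root)

DRY_RUN="${DRY_RUN:-1}"

# Print a command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# policy_route_cmds DAN_IP BR_IF BR_GW TABLE
#   DAN_IP  address Jose answers from (the one Grant says to match on)
#   BR_IF   bridge interface (br0 over eth50/eth51)
#   BR_GW   next hop reachable through the bridge
#   TABLE   spare routing table id (1-252, not local/main/default)
policy_route_cmds() {
    dan_ip=$1; br_if=$2; br_gw=$3; table=$4
    # The extra table only needs a default route via the bridge; the
    # main table keeps carrying everything else exactly as before.
    run ip route replace default via "$br_gw" dev "$br_if" table "$table"
    # pref 100 sits below the main-table rule (32766), so this table is
    # consulted first for packets with this source address. Note that
    # "ip rule add" is not idempotent: run it twice and you get two rules;
    # remove with "ip rule del from $dan_ip lookup $table pref 100".
    run ip rule add from "$dan_ip" lookup "$table" pref 100
    # Older kernels cache routes per flow; flush so live flows re-resolve.
    run ip route flush cache
}

# policy_route_verify DAN_IP JACK_IP BR_IF
#   Shows the path the kernel will pick for a reply from Dan's address to
#   Jack (expect "dev br0" in the output), and the rp_filter setting on the
#   bridge: with strict reverse-path filtering (1), Jack's inbound packets
#   on br0 are accepted only if the route back to Jack resolves to br0 too.
policy_route_verify() {
    dan_ip=$1; jack_ip=$2; br_if=$3
    run ip rule show
    run ip route get "$jack_ip" from "$dan_ip"
    run sysctl "net.ipv4.conf.$br_if.rp_filter"
}

# Constructed values for the dry run; JACK_IP is only used by the check.
policy_route_cmds "${DAN_IP:-192.0.2.10}" "${BR_IF:-br0}" "${BR_GW:-192.0.2.1}" "${TABLE:-100}"
policy_route_verify "${DAN_IP:-192.0.2.10}" "${JACK_IP:-198.51.100.7}" "${BR_IF:-br0}"
```

The rule matches only on the source address, which is why no fwmark is needed for this case; if Dan's traffic is also DNAT'd on the way in, remember that the reply's source is rewritten back by the conntrack entry before the routing decision in the output path, so the address the rule sees is the one the peer originally connected to.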

