On 04/22/08 01:15, Javier Prieto Martínez wrote:
> Yes. We are logging and filtering right now, but we want to redirect
> traffic too.

*nod*

> The point is we want the bridge to be transparent except for one
> particular redirection we want to do :-)

*nod*

> Thanks for the advice. I'll try with EBTables, then.

*nod*

Except for possibly some syntactical change, your rules should be very
similar and operate in the same fashion.
Based on your previous statement "I don't want to mess with the real
IPs" it sounds like you don't even want to change source / destination
IPs of the traffic going to the back end system. Am I understanding you
correctly that you indeed want to not alter the source and / or
destination IP? If this is the case, be aware that you do not want to
NAT the IP and that you will be down to NATing the MAC address (which
can be done but is another discussion) as the frame is passing through
the bridge.
I guess I should ask:
+---+         +---+   +---+   +---+
| C +-- - - --+ R +---+ A +---+ S |
+---+         +---+   +---+   +---+
Presuming that C is the client, R is the router, A is the appliance, and
S is one or more of the servers, do you want S to see the source and
destination IP that the client connected to? Or is it ok for the
appliance to munge the source and / or destination IP (as seen by the
server) in the process of redirecting to the server?
Grant. . . .