I have created a bridge on my server and I would like to bridge only the protocols other than tcp and udp. For these protocols I have an application running on the box that is listening in promiscuous mode to catch these packets. The application is only interested in the packets not directly destined to the server itself. I'm using the scrpt below to realize that: MAC_OF_BR0=<MAC of my bridge> ebtables -t broute --flush ebtables -t broute -A BROUTING -d $MAC_OF_BR0 -p ipv4 -j redirect --redirect-target DROP ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth0 -j DROP ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth1 -j DROP ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth0 -j DROP ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth1 -j DROP So far the brouting seems to work but as soon as I run this script, I'm not able to ssh to the server anymore. Also my application running on the server, has to connect to other server in the same configuration but it is not able to do it anymore. This is the reason why I added the 2nd line in the script but it doesn't work. To sum up I need to broute all udp and tcp traffic, except the traffic destined to the bridge IP/interface. How can I do it ? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
