ebtables brouting of all tcp and udp traffic

I have created a bridge on my server and I would like to bridge only the protocols other than tcp and udp. For these protocols I have an application running on the box that is listening in promiscuous mode to catch these packets. 
The application is only interested in the packets not directly destined to the server itself.

I'm using the script below to realize that:

#!/bin/sh
MAC_OF_BR0=<MAC of my bridge>

# Start from an empty broute table.
ebtables -t broute --flush
# In the broute table DROP means "route the frame to the local stack" and
# ACCEPT means "bridge it"; the default policy bridges.
# Frames addressed to the bridge MAC: rewrite the destination MAC, then route.
ebtables -t broute -A BROUTING -d "$MAC_OF_BR0" -p ipv4 -j redirect --redirect-target DROP
# IPv4 TCP and UDP arriving on either port: route instead of bridging.
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp -i eth1 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth0 -j DROP
ebtables -t broute -A BROUTING -p ipv4 --ip-proto udp -i eth1 -j DROP

So far the brouting seems to work, but as soon as I run this script I'm not able to ssh to the server anymore. Also, my application running on the server has to connect to other servers in the same configuration, but it is not able to do it anymore. This is the reason why I added the 2nd line in the script, but it doesn't work.

To sum up I need to broute all udp and tcp traffic, except the traffic destined to the bridge IP/interface.
How can I do it?
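As an added example (not the poster's script), the same rule set written so the exemption for the bridge's own MAC is evaluated first and can be previewed before it is applied to a live box; it assumes the standard ebtables broute semantics (ACCEPT bridges a frame, DROP hands it to the local stack of the ingress port) and the ports eth0/eth1 and bridge br0 named in the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: bridge br0 with ports
# eth0/eth1, and ebtables broute semantics where ACCEPT = bridge the frame
# and DROP = route it to the local stack of the port it arrived on.
set -eu

EBTABLES=${EBTABLES:-ebtables}   # set EBTABLES=echo to preview the rules

# broute_rules BRIDGE_MAC PORT... : flush and rebuild the BROUTING chain.
# Rules are evaluated top to bottom; the first match decides.
broute_rules() {
    mac=$1; shift
    "$EBTABLES" -t broute --flush
    # 1. Frames addressed to the bridge's own MAC stay in the bridge path
    #    (ACCEPT). The bridge delivers frames for its own MAC to br0, so
    #    traffic to the bridge IP (ssh, replies to locally originated
    #    connections) is not diverted to a port's IP-less stack.
    "$EBTABLES" -t broute -A BROUTING -d "$mac" -p ipv4 -j ACCEPT
    # 2. Remaining IPv4 TCP/UDP on each port is "dropped" from the bridge,
    #    i.e. routed to the local stack instead of being forwarded. Every
    #    other protocol falls through to the default policy and is bridged.
    for port in "$@"; do
        for proto in tcp udp; do
            "$EBTABLES" -t broute -A BROUTING -p ipv4 --ip-protocol "$proto" \
                -i "$port" -j DROP
        done
    done
}

# Usage (as root):      ./broute.sh apply <bridge MAC>
# Dry run, no changes:  EBTABLES=echo ./broute.sh apply <bridge MAC>
if [ "${1:-}" = "apply" ]; then
    broute_rules "$2" eth0 eth1
fi
```

The dry run prints exactly the ebtables argument lists that would be executed, so the rule order can be reviewed before the chain is replaced.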
