Hi,

I'm fairly new to ebtables and netfiltering, so I will start by describing what I would like to achieve. My setup is roughly the one below:

               /----------br0----------\         rest of computers 192.168.0.x
               |                       |               |
Music box -----eth1-- xubuntu machine --eth0----------- router --------> Internet
192.168.0.x    |        192.168.0.x               192.168.0.1(DHCP server)
               \-----------------------/
                        |
                        | Non local 192.168.0.x traffic
                        |
                        \----> different internet gateway or VPN

On my network I have a music box (Sonos) which needs to be visible on my 192.168.0.x subnet (otherwise my other computers will not be able to find it), but for which I would like to divert all non-local traffic to an external gateway (possibly through a VPN connection).

The bridge now seems to work properly, which means that as soon as my xubuntu machine (actually a virtual machine) starts, the Sonos shows up on the network.

The next step, however, is to divert the non-local traffic to a 2nd gateway. Judging from what I have read so far, I am assuming I will need ebtables for this. I found the following example but am not quite sure whether this is indeed what I need:

http://ebtables.sourceforge.net/examples/example3.html

Any help on the next step is appreciated!

P.S. Below are some settings I am currently using.

/etc/network/interfaces
----------------------
auto lo
iface lo inet loopback

# Bridge between eth0 and eth1
auto br0
iface br0 inet dhcp
    pre-up ifconfig eth0 down
    pre-up ifconfig eth1 down
    pre-up brctl addbr br0
    pre-up brctl addif br0 eth0
    pre-up brctl addif br0 eth1
    pre-up ifconfig eth0 0.0.0.0
    pre-up ifconfig eth1 0.0.0.0
    post-down ifconfig eth0 down
    post-down ifconfig eth1 down
    post-down ifconfig br0 down
    post-down brctl delif br0 eth0
    post-down brctl delif br0 eth1
    post-down brctl delbr br0
--------------------------------

I currently also have shorewall set up, but basically this has been set up to allow everything (I was planning to tighten things up once I have got things working).

/etc/shorewall/policy
-------------------------
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
loc       net    ACCEPT
loc       $FW    ACCEPT
loc       all    ACCEPT
$FW       net    ACCEPT
$FW       loc    ACCEPT
$FW       all    ACCEPT
net       $FW    ACCEPT
net       loc    ACCEPT
net       all    ACCEPT
all       all    ACCEPT
----------------------------------

Also, I used to have masquerading set up:

/etc/shorewall/masq
---------------------------
#INTERFACE   SOURCE   ADDRESS   PROTO   PORT(S)   IPSEC   MARK
eth0         eth1
--------------------------

I guess I don't need this anymore, since I have since set up the bridge to bridge the traffic from eth1 to eth0 (i.s.o. routing it).