Re: ebtables broute DROP problem in production environment

  Hi,

2009/12/23 Felipe W Damasio <felipewd@xxxxxxxxx>:
>   But when I plug eth0 on the production environment network (which
> uses multiple VLANs, one for the users and another for the internet),
> http traffic stops working (ie. doesn't get routed to squid).

  One other thing: I tried using --log-level debug --log-ip --log-arp
on the ebtables rules, and had several entries on my syslog such as
this:

Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source = 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP SRC=189.10.205.122 IP DST=189.73.192.220, IP tos=0x00, IP proto=6 SPT=3774 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source = 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP SRC=189.10.204.12 IP DST=64.233.163.86, IP tos=0x00, IP proto=6 SPT=1260 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source = 00:21:a0:ce:9d:24 MAC dest = 00:1d:71:b0:23:11 proto = 0x0800 IP SRC=189.58.246.156 IP DST=72.21.81.133, IP tos=0x00, IP proto=6 SPT=2253 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source = 00:21:a0:ce:9d:24 MAC dest = 00:1d:71:b0:23:11 proto = 0x0800 IP SRC=189.58.247.99 IP DST=69.175.26.18, IP tos=0x00, IP proto=6 SPT=49392 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source = 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP SRC=201.66.236.140 IP DST=174.140.128.6, IP tos=0x00, IP proto=6 SPT=2060 DPT=80

  I suppose it means that the ebtables rules are working. But why
aren't they seen by the iptables rules?

  Again, I tried using a single cross-cable connected machine and
these rules worked (and got logged just like the above).

  Could this be a kernel bug?

  Cheers,

Felipe Damasio