On 13/06/10 14:22, Jonathan Tripathy wrote:
Hi Everyone,
Does anyone know any rules that I could use (using iptables, ebtables,
or otherwise) that could force all traffic coming from an interface to
go out via a particular interface? I'm using Xen and all the DomUs
("VMs" or "Guests") are connected to a linux bridge. I wish to force
all traffic from these VMs to go out via the interface which is
connected to my firewall (which itself is a filtering bridge). I wish
to do this all at the "link-layer" if possible.
I am led to believe that in a linux bridge, all frames are sent to
all ports (a bit like the old-school hubs), so it could just be a
matter of blocking all traffic, except those which are for the
firewall interface, using ebtables.
Any help is very much appreciated.
Thanks
Jonathan
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
From iptables man:
physdev
This module matches on the bridge port input and output
devices enslaved to a bridge device. This module is a part of the
infrastructure that enables a transparent bridging IP firewall and
is only useful for kernel versions above version 2.5.44.
[!] --physdev-is-out
Matches if the packet will leave through a bridge interface.
Maybe this module can be useful for you.
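The following is an added worked example for the setup discussed in this thread; it is not code from either poster. It generates (and optionally applies) a ruleset that allows every DomU bridge port to exchange frames only with the port cabled to the firewall, first with ebtables on the bridge FORWARD chain (link layer, as the question asks for) and then the iptables equivalent using the physdev match quoted in the reply. Bridge port names (peth0 for the firewall side, vif1.0 and vif2.0 for the DomUs) are assumptions for illustration. Two practical points: the ebtables FORWARD chain is traversed once per output port, so the -o match covers flooded (broadcast, multicast, unknown-unicast) frames as well as learned unicast; and the physdev match only sees bridged IP traffic when the bridge hands it to iptables (net.bridge.bridge-nf-call-iptables=1). Note that --physdev-is-out alone matches anything leaving via any bridge port; to pin traffic to one port you want --physdev-out with that port's name. None of this stops a guest from spoofing its source MAC or IP; that needs per-port source filters on top.

```shell
#!/bin/sh
# Added example, not from the original thread: pin every DomU bridge port to the
# firewall port with ebtables (link layer), plus the iptables physdev equivalent
# the reply mentions. Interface names below are assumptions for illustration.

FW_PORT="${FW_PORT:-peth0}"             # bridge port cabled to the filtering firewall
VM_PORTS="${VM_PORTS:-vif1.0 vif2.0}"   # DomU vif ports enslaved to the same bridge (space separated)

# Emit ebtables commands for the bridge FORWARD chain: default DROP, then allow
# only VM<->firewall pairs. ebtables -i/-o match bridge *ports*, and FORWARD is
# traversed once per output port, so flooded frames are covered as well.
gen_ebtables_rules() {
    fw="$1"; shift
    echo "ebtables -F FORWARD"
    echo "ebtables -P FORWARD DROP"
    for p in "$@"; do
        echo "ebtables -A FORWARD -i $p -o $fw -j ACCEPT"   # VM -> firewall
        echo "ebtables -A FORWARD -i $fw -o $p -j ACCEPT"   # firewall -> VM
    done
    # No rule pairs two VM ports, so VM-to-VM frames fall through to the DROP policy.
}

# Same policy at the IP layer via the physdev match quoted above. The bridge
# must hand IP traffic to iptables first (bridge-nf-call-iptables=1).
gen_iptables_rules() {
    fw="$1"; shift
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    for p in "$@"; do
        echo "iptables -A FORWARD -m physdev --physdev-in $p --physdev-out $fw -j ACCEPT"
        echo "iptables -A FORWARD -m physdev --physdev-in $fw --physdev-out $p -j ACCEPT"
    done
}

# Count the ACCEPT rules a generator produces (expect two per VM port).
accept_count() {
    gen="$1"; shift
    "$gen" "$@" | grep -c -- '-j ACCEPT'
}

# Sanity check: no generated rule may pair two VM ports as input and output.
# Returns 0 when the ruleset is clean, 1 if a VM-to-VM allow rule exists.
no_vm_to_vm() {
    gen="$1"; fw="$2"; shift 2
    rules="$("$gen" "$fw" "$@")"
    for a in "$@"; do
        for b in "$@"; do
            if printf '%s\n' "$rules" | grep -q -- "-i $a -o $b " \
               || printf '%s\n' "$rules" | grep -q -- "--physdev-in $a --physdev-out $b "; then
                return 1
            fi
        done
    done
    return 0
}

# Print the ebtables rules by default; execute them only when APPLY=1 (run as
# root in Dom0). $VM_PORTS is deliberately unquoted so it splits into ports.
if [ "${APPLY:-0}" = 1 ]; then
    gen_ebtables_rules "$FW_PORT" $VM_PORTS | while IFS= read -r cmd; do eval "$cmd"; done
else
    gen_ebtables_rules "$FW_PORT" $VM_PORTS
fi
```

Run it once without APPLY to review the generated commands, then with APPLY=1 FW_PORT=... VM_PORTS="..." to install them; new DomUs get a vif port that is dropped until it is added to VM_PORTS and the script is re-run, which is the safe default for this design.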