Hi Mr. Engelhardt,

2010/12/17 Jan Engelhardt <jengelh@xxxxxxxxxx>:
>>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-dst 200.152.32.0/24 -j redirect --redirect-target ACCEPT
>>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-src 200.152.32.0/24 -j redirect --redirect-target ACCEPT
>
> Odd combination of redirect with BROUTING. I am surprised ebtables
> even allows the use of "redirect" outside its nat table.

It's a recommendation from the squid guys:
http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device

>>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
>>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
>

Do you have any other suggestions on how to do something like this:
"Bridge all the traffic. Route tcp/80....BUT if it's from this
network, then bridge it". This is my goal with these rules.

If there's a document I can read to create this, I'd appreciate any pointers.

Cheers,

- Robert
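
An added example, not part of the original message: a simplified Python model of the four BROUTING rules quoted above, to check which frames end up bridged and which routed, and why the ACCEPT pair has to come before the DROP pair. It assumes first-match evaluation and a chain policy of ACCEPT, uses the broute-table meaning of the verdicts (ACCEPT = bridge, DROP = route), and does not model the MAC rewrite done by the redirect target; the helper names and sample frames are constructed.

```python
import ipaddress

# The network named in the rules on this page.
NET = ipaddress.ip_network("200.152.32.0/24")

# Each rule: (in_iface, match predicate, verdict), in the order posted.
# In the broute table ACCEPT means "bridge the frame", DROP means "route it".
RULES = [
    ("eth1", lambda p: ipaddress.ip_address(p["dst"]) in NET, "ACCEPT"),
    ("eth2", lambda p: ipaddress.ip_address(p["src"]) in NET, "ACCEPT"),
    ("eth1", lambda p: p["proto"] == "tcp" and p["dport"] == 80, "DROP"),
    ("eth2", lambda p: p["proto"] == "tcp" and p["sport"] == 80, "DROP"),
]

def brouting(pkt, rules=RULES, policy="ACCEPT"):
    """Return 'bridge' or 'route' for an IPv4 frame; first matching rule wins."""
    for iface, match, verdict in rules:
        if pkt["in"] == iface and match(pkt):
            return "bridge" if verdict == "ACCEPT" else "route"
    # Assumption: no rule matched, so the chain policy decides.
    return "bridge" if policy == "ACCEPT" else "route"

def pkt(iface, src, dst, proto="tcp", sport=40000, dport=80):
    return {"in": iface, "src": src, "dst": dst,
            "proto": proto, "sport": sport, "dport": dport}

# Constructed sample frames; addresses outside NET are documentation ranges.
SAMPLES = {
    "web request to exempt net": pkt("eth1", "198.51.100.7", "200.152.32.10"),
    "web reply from exempt net": pkt("eth2", "200.152.32.10", "198.51.100.7",
                                     sport=80, dport=40000),
    "web request elsewhere": pkt("eth1", "198.51.100.7", "203.0.113.5"),
    "web reply elsewhere": pkt("eth2", "203.0.113.5", "198.51.100.7",
                               sport=80, dport=40000),
    "ssh elsewhere": pkt("eth1", "198.51.100.7", "203.0.113.5", dport=22),
}

def misordered():
    """Same rules with the DROP pair first: the tcp/80 exemption is never reached."""
    return RULES[2:] + RULES[:2]

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:28} as posted: {brouting(p):6}  "
              f"DROP-first: {brouting(p, misordered())}")
```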