On Wednesday 2010-12-29 19:48, Robert Pipca wrote:
>Hi Mr. Engelhardt,
>
>2010/12/17 Jan Engelhardt <jengelh@xxxxxxxxxx>:
>>>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-dst
>>>200.152.32.0/24 -j redirect --redirect-target ACCEPT
>>>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-src
>>>200.152.32.0/24 -j redirect --redirect-target ACCEPT
>>
>> Odd combination of redirect with BROUTING. I am surprised ebtables
>> even allows the use of "redirect" outside its nat table.
>
>It's a recommendation from the squid guys:
>
>http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device

It is not overly wrong, just I did not expect to see it.
Then again, ebtables has starkly diverged from iptables.

>>>ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp
>>>--ip-dport 80 -j redirect --redirect-target DROP
>>>ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-proto tcp
>>>--ip-sport 80 -j redirect --redirect-target DROP
>>
>
>Do you have any other suggestions on how to do something like this:
>"Bridge all the traffic. Route tcp/80....BUT if it's from this
>network, then bridge it".

ebtables -t broute (...condition for "this network"...) -j ACCEPT
ebtables -t broute -p tcp --dport 80 -j DROP
ebtables -t broute -j ACCEPT

That would be a simple translation of your sentence.
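Added example, not part of the original message: a dry-run generator that writes the three-step policy above in full ebtables syntax, with the exemption placed first because BROUTING is evaluated first-match. It goes beyond the sketch in the reply by covering both traffic directions; the function name `broute_rules` and the choice to match the exempt network as either source or destination are assumptions of this example.

```shell
#!/bin/sh
# Added example. In the broute table the verdicts have special meaning:
# ACCEPT = bridge the frame, DROP = hand the frame to the routing code.
# The script only prints commands; pipe the output to "sh" as root to load them.

# broute_rules EXEMPT_NET
# Print the BROUTING rules, in evaluation order, for:
#   "bridge everything, route tcp/80, but bridge traffic of EXEMPT_NET".
broute_rules() {
    br_net=$1
    # Character whitelist plus a rough a.b.c.d/len shape check, so that no
    # whitespace or option text can reach the ebtables command line.
    # ebtables itself still performs the full address parse.
    case $br_net in
        ''|*[!0-9./]*|*/*/*)
            echo "invalid network: $br_net" >&2
            return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*)
            ;;
        *)
            echo "invalid network: $br_net" >&2
            return 1 ;;
    esac
    br_cmd="ebtables -t broute -A BROUTING"

    # 1. Exempt network first: bridge it in both directions.
    echo "$br_cmd -p ipv4 --ip-src $br_net -j ACCEPT"
    echo "$br_cmd -p ipv4 --ip-dst $br_net -j ACCEPT"

    # 2. Remaining web traffic: route it (requests and replies).
    echo "$br_cmd -p ipv4 --ip-proto tcp --ip-dport 80 -j DROP"
    echo "$br_cmd -p ipv4 --ip-proto tcp --ip-sport 80 -j DROP"

    # 3. Everything else: bridge.
    echo "$br_cmd -j ACCEPT"
}

# Sample run with the network that appears in the thread.
broute_rules "${1:-200.152.32.0/24}"
```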