Hi, I do not know if I understand correctly. You want the IPv6 traffic across the bridge transparently. But whether a control standard for IPv4 - is it? To control what crosses the bridge or not you should use ebtables (in broute chain). I believe it is something like: ebtables -t broute -A BROUTING -p ipv4 -j DROP This prevents the processing of the * bridge * for IPv4 packets, but you can still use iptables to filter * routing *. I hope it's this and that works. Thanks. Em 22 de março de 2012 07:06, Humberto Jucá <betolj@xxxxxxxxx> escreveu: > Hi, > > I do not know if I understand correctly. > > You want the IPv6 traffic across the bridge transparently. > But whether a control standard for IPv4 - is it? > > To control what crosses the bridge or not you should use ebtables (in > broute chain). > I believe it is something like: > > ebtables -t broute -A BROUTING -p ipv4 -j DROP > > This prevents the processing of the * bridge * for IPv4 packets, but > you can still use iptables to filter * routing *. > > I hope it's this and that works. > Thanks. > > > 2012/3/22 Huebner, Thomas <thomas.huebner@xxxxxxxxxxxxx>: >> Hello, >> >> I have a computer (A) which is connected on the left side to a private >> network (usb0) and on the right side to a stand alone computer (B). >> >> >> ----+ +-----------------+ +-------+ >> NET | | BOX A | | BOX B | >> A +--IPv4---+--- IPv4 in ---+------IPv4--+ | >> +--IPv6-+ | IPv6 'arround' | +----IPv6--+ | >> | | +-----------------+ | +-------+ >> ----+ +->----<--->----<--->-+ >> >> >> I try to find a way to bridge the IPv6 traffic completely transparent >> (including all the ICMPv6 and solicitation stuff), between the >> interfaces usb0 and usb1 while the IPv4 traffic is not affected. >> >> I've tried using a brctl which connects the two interfaces perfectly, >> but disconnects them from the host A itself. >> Also marking the IPv6 packets with set-mark and routing them using "ip >> route" seems not to work. >> >> The iptables ROUTE target using the "--oif" option seems exactly what >> I'm looking for, but unfortunatly this target is not available for >> ip6tables. >> >> Has anyone an idea or hint? >> >> >> Thanks >> >> Thomas >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
