Hi,

thanks for your quick response.
I needed some time to fix and extend the kernel with ebt_broute.
I'm using openembedded and all that bitbake stuff needs time...

Finally I've integrated ebtables and the necessary kernel modules.

I assume that the preceding setup looks something like this (?):

# brctl addbr br0
# brctl addif br0 usb0
# brctl addif br0 usb1
# ifconfig br0 0.0.0.0 up

followed by:

# ebtables -t broute -A BROUTING -p ipv4 -j DROP

After that I can no longer ping (ipv4) the box from outside.

Am I missing something? Maybe some sysctls?

Regards,
Thomas

> -----Original Message-----
> From: Humberto Jucá [mailto:betolj@xxxxxxxxx]
> Sent: Thursday, March 22, 2012 12:08 PM
> To: Huebner, Thomas
> Cc: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: Bridge IPv6 traffic between 2 interfaces
>
> Hi,
>
> I do not know if I understand correctly.
>
> You want the IPv6 traffic across the bridge transparently.
> But whether a control standard for IPv4 - is it?
>
> To control what crosses the bridge or not you should use
> ebtables (in broute chain).
> I believe it is something like:
>
> ebtables -t broute -A BROUTING -p ipv4 -j DROP
>
> This prevents the processing of the * bridge * for IPv4
> packets, but you can still use iptables to filter * routing *.
>
> I hope it's this and that works.
> Thanks.
>
> On 22 March 2012 07:06, Humberto Jucá
> <betolj@xxxxxxxxx> wrote:
> > Hi,
> >
> > I do not know if I understand correctly.
> >
> > You want the IPv6 traffic across the bridge transparently.
> > But whether a control standard for IPv4 - is it?
> >
> > To control what crosses the bridge or not you should use ebtables (in
> > broute chain).
> > I believe it is something like:
> >
> > ebtables -t broute -A BROUTING -p ipv4 -j DROP
> >
> > This prevents the processing of the * bridge * for IPv4 packets, but
> > you can still use iptables to filter * routing *.
> >
> > I hope it's this and that works.
> > Thanks.
> >
> >
> > 2012/3/22 Huebner, Thomas <thomas.huebner@xxxxxxxxxxxxx>:
> >> Hello,
> >>
> >> I have a computer (A) which is connected on the left side to a
> >> private network (usb0) and on the right side to a stand alone computer (B).
> >>
> >>
> >> ----+         +-----------------+            +-------+
> >> NET |         |      BOX A      |            | BOX B |
> >>  A  +--IPv4---+---  IPv4 in  ---+------IPv4--+       |
> >>     +--IPv6-+ | IPv6 'around'   | +----IPv6--+       |
> >>     |       | +-----------------+ |          +-------+
> >> ----+       +->----<--->----<--->-+
> >>
> >>
> >> I try to find a way to bridge the IPv6 traffic completely transparent
> >> (including all the ICMPv6 and solicitation stuff), between the
> >> interfaces usb0 and usb1 while the IPv4 traffic is not affected.
> >>
> >> I've tried using a brctl which connects the two interfaces perfectly,
> >> but disconnects them from the host A itself.
> >> Also marking the IPv6 packets with set-mark and routing them using
> >> "ip route" seems not to work.
> >>
> >> The iptables ROUTE target using the "--oif" option seems exactly what
> >> I'm looking for, but unfortunately this target is not available for
> >> ip6tables.
> >>
> >> Has anyone an idea or hint?
> >>
> >>
> >> Thanks
> >>
> >> Thomas
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe netfilter"
> >> in the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
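
The brouter setup discussed in this thread, written out as an added example that is not part of the original messages. The bridge and port names come from the thread. Brouting ARP as well, and keeping the IPv4 addresses on usb0/usb1 instead of br0, are assumptions taken from the ebtables brouter documentation, not from anything stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): brouter setup that keeps IPv6 bridged
# between the ports while IPv4 and ARP are handed to the host's IP stack.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to run them.

BR=${BR:-br0}                 # bridge name used in the thread
PORTS=${PORTS:-"usb0 usb1"}   # bridge ports used in the thread

# run CMD ARGS...: print the command, execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# brouter_rules BRIDGE PORT...: emit the whole command sequence.
brouter_rules() {
    br=$1; shift
    run brctl addbr "$br"
    for port in "$@"; do
        run brctl addif "$br" "$port"
    done
    # The bridge itself carries no IPv4 address. Brouted frames are delivered
    # as if they arrived on the port, so the IPv4 addresses stay on the ports.
    run ifconfig "$br" 0.0.0.0 up
    for port in "$@"; do
        # DROP in BROUTING means "do not bridge this frame, route it instead".
        run ebtables -t broute -A BROUTING -i "$port" -p IPv4 -j DROP
        # ARP is a separate EtherType; broute it too so that ARP for the port
        # addresses is handled on the ports (assumption, see lead-in).
        run ebtables -t broute -A BROUTING -i "$port" -p ARP -j DROP
    done
    # No rule matches IPv6 (EtherType 0x86DD), so it is still bridged,
    # including ICMPv6 neighbour discovery.
}

# Word splitting of $PORTS is intentional here.
brouter_rules "$BR" $PORTS
```

After applying, `ebtables -t broute -L BROUTING --Lc` lists the rules with packet counters, which shows whether IPv4 and ARP frames are hitting the DROP rules.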