On Sat, Apr 29, 2006 at 08:11:07PM +0200, Roy-Magne Mo wrote:
> You don't need vlan on the linux server to achieve this, private
> vlan is not different vlan tags on the switch - but usually just
> separate forwarding databases. This way the traffic is always
> forwarded "upstream" to the linux server and never directly between
> each member of the vlan.

Sorry for the confusion. That setup sounds like just what was requested.

> > > This could possibly be achieved with EBtables, but I haven't tried
> > > that.
> >
> > Depending on the addressing plan that could get really messy really
> > quickly, especially if the application has no knowledge about the
> > network and lots of translation is required.
>
> You don't need any translation, what I meant had to be implemented
> with ebtables is the arp behaviour - probably not needed here.

The server has to understand that all this traffic is destined for the
local host, but I guess iptables REDIRECT would do the trick, no
ebtables needed. ARP entries should be picked up from incoming packets,
right?

> This is the way many DSLAM and switches in provider and campus
> settings work.

Yep, that makes sense.

//Peter
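As an added illustration of the iptables REDIRECT idea Peter raises (this is not code from either mail, just an example written for this page): the rule goes in the nat table's PREROUTING chain on the interface facing the private VLAN, so that TCP connections clients send to any destination address are accepted by the local service. The interface name eth1, the port numbers, the DRY_RUN switch and the optional proxy_arp line are all assumptions made for the example; whether proxy ARP is wanted depends on the addressing plan the thread leaves open.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the iptables REDIRECT rule that
# lets a Linux box on the "upstream" side of a private VLAN terminate the
# traffic that the switch forces towards it.
# Assumptions: interface eth1, the ports below, and DRY_RUN=1 by default so
# the script only prints what it would run (applying rules needs root).

# Emit one REDIRECT rule: iface is the private-VLAN facing interface, dport
# the port clients connect to, lport the port the local service listens on.
# REDIRECT rewrites the destination to the primary address of the incoming
# interface, so the kernel delivers the packet to the local socket.
redirect_rule() {
    iface="$1"
    dport="$2"
    lport="$3"
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $dport -j REDIRECT --to-ports $lport"
}

# Optional: if clients ARP for a gateway address the server does not own,
# proxy_arp on the interface makes the server answer for it. Assumption only;
# leave it out when the server already holds the address clients ask for.
proxy_arp_rule() {
    iface="$1"
    echo "sysctl -w net.ipv4.conf.$iface.proxy_arp=1"
}

# Run (or, with DRY_RUN=1, print) each command passed on stdin, one per line.
run_or_print() {
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}

# Assemble the full rule set for the assumed interface and ports.
rule_set() {
    redirect_rule eth1 80 8080
    redirect_rule eth1 443 8443
    proxy_arp_rule eth1
}

rule_set | run_or_print
```

With DRY_RUN left at its default the script only prints the three commands, which is the safe way to review the rule set before running it as root with DRY_RUN=0.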