On Sat, 29.04.2006 at 20:37 (+0200), Peter Stuge wrote:
> > > > This could possibly be achieved with EBtables, but I haven't tried
> > > > that.
> > >
> > > Depending on the addressing plan that could get really messy really
> > > quickly, especially if the application has no knowledge about the
> > > network and lots of translation is required.
> >
> > You don't need any translation, what I meant had to be implemented
> > with ebtables is the arp behaviour - probably not needed here.
>
> The server has to understand that all this traffic is destined for
> the local host, but I guess iptables REDIRECT would do the trick, no
> ebtables needed. ARP entries should be picked up from incoming
> packets, right?

The linux host should answer all traffic with its own mac-address, then
when the other host starts sending traffic destined for another host on
another private vlan - the linux host should forward this traffic on
with rewritten mac address, and the other way around. Proxy arp and
multiple vlan could also solve this but that seems messier.

From the linux host all hosts seem to be on the same broadcast domain,
so it should not have to be in the packet path.

On Juniper M-series router you have something called local-proxy-arp,
seems like some cisco switches have it too. It would have been nice to
have this as a kernel feature of the linux-kernel.

I don't think redirect would do, since this has to work at layer 2
instead of layer 3, correct me if I'm wrong - I haven't used lab time to
get this working.

-- 
Roy-Magne Mo <rmo@xxxxxxxxxxxx>