Lennert Buytenhek wrote:

> > The REDIRECT target bombs out if you haven't assigned an IP address on
> > the ethernet interface. Better to use DNAT and specify the IP of your
> > bridge interface.
>
> Isn't this expected?

Not entirely.

The recommended bridge setup is to use anonymous ethernet interfaces and only
have an IP on the virtual bridge interface. REDIRECT is not happy in such a
setup, as it tries to find the IP from the real interface and thus bombs out
as the IP protocol isn't configured at all on those interfaces.

There are at least two issues here:

a) A netfilter/iptables bug where REDIRECT panics if the receiving interface
isn't configured for IP. (will write a patch for this soonish. trivial)

b) A bridge/netfilter integration bug where REDIRECT in a bridge tries to
find the IP address from the real ethernet interface while one expects it to
use the bridge interface.

--
Henrik Nordstrom
MARA Systems AB
Sweden

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
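The workaround discussed in this thread, written as a pre-flight check (an added example, not code from the thread or from netfilter): it emits a REDIRECT rule only when the receiving interface has an IPv4 address and otherwise falls back to DNAT to the bridge address. The interface names, the 192.0.2.1 address, ports 80/3128 and the helper names `ipv4_of` and `nat_rule` are assumptions, and the address listing is a constructed sample.

```shell
#!/bin/sh
# Added example; names, addresses and ports are constructed, not from the thread.
# Constructed sample in the format of `ip -o -4 addr show`: only br0 carries an
# address; the enslaved ports eth0/eth1 are anonymous and therefore not listed.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
4: br0    inet 192.0.2.1/24 brd 192.0.2.255 scope global br0'

# ipv4_of IFACE LISTING
# Print the first IPv4 address of IFACE found in LISTING (nothing if none).
ipv4_of() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# nat_rule INGRESS_IF BRIDGE_IF DPORT TO_PORT LISTING
# Print a nat PREROUTING rule that is safe for the given ingress interface.
# The rule is printed without an interface match; add your own as needed.
nat_rule() {
    nr_in=$1; nr_br=$2; nr_dport=$3; nr_to=$4; nr_addrs=$5
    if [ -n "$(ipv4_of "$nr_in" "$nr_addrs")" ]; then
        # REDIRECT rewrites the destination to the incoming interface's
        # address, so it is only usable when that interface has one.
        printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
            "$nr_dport" "$nr_to"
        return 0
    fi
    # Anonymous port: name the bridge address explicitly with DNAT instead.
    nr_ip=$(ipv4_of "$nr_br" "$nr_addrs")
    if [ -z "$nr_ip" ]; then
        echo "no IPv4 address on $nr_in or $nr_br; refusing to emit a rule" >&2
        return 1
    fi
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$nr_dport" "$nr_ip" "$nr_to"
}

# Traffic arrives on anonymous port eth0 of bridge br0: DNAT is chosen.
nat_rule eth0 br0 80 3128 "$SAMPLE_ADDRS"
```

On a live system the listing would come from `ip -o -4 addr show` instead of the constructed sample.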
