Title: RE: [Bridge] I wonder

Yea, I use this. Make sure you have the netfilter patch installed. And remember, your bridge sees ALL the packets, so for example, if you redirect web requests as I do, the Linux box will redirect ALL requests, whether or not they'd traverse the bridge. (I wish it didn't.) So 2 machines talking port 80 to each other on one side of the bridge would get an answer from the target machine AND the bridge, which pretty much screws everything up. Workaround: Use a switch on both sides of the bridge. (Kinda ironic, huh?)


        David

-----Original Message-----
From: Rob McMillen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 22, 2002 9:38 AM
To: Bridge
Subject: [Bridge] I wonder

Would it be possible to have the bridge route something to its loopback
interface in order to provide a service that is bound to the localhost?  If
I use DNAT to route a packet to the loopback interface, would this be
possible?  I've tried it without success, but I may have the rules wrong.

$IPT -t nat -A PREROUTING -s $ME -d $SOME_IP -j DNAT --to-destination 127.0.0.1
$IPT -A INPUT -i lo -s $ME -j ACCEPT
$IPT -A OUTPUT -o lo -d $ME -j ACCEPT

I don't have a post routing rule because as I understand it, once the
PREROUTING rule hits, the packets will not traverse the nat table again.

I've added a static arp entry to my client to ensure that the packets with
$SOME_IP are directed at the bridging firewall.

Rob

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
