On Thu, Feb 28, 2002 at 12:41:30PM -0500, Jorge S. wrote:
> Ok, so:
>
> 1) Iptables and ebtables can work together, just need to patch the kernel with:
>
> iptables from
> netfilter.org

This shouldn't be necessary (only if you want additional matches)

> bridge
> bridge-nf-0.0.6-against-2.4.18.diff

Yup.

> ebtables from
> http://users.pandora.be/bart.de.schuymer/ebtables/sourcecode.html
> ebtables-v1.02.tar.gz

This is probably the userspace util.

> AND
> ebtablesv1.0_vs_nf-0.0.4.diff

And this is probably the kernel patch.

> 2) In diverter.sourceforge.net
>
> They say:
>
> "Here, packets are simply traversing the bridge, and setting up a redirection
> rule like:
>
> ipchains -A input -i eth1 -p tcp -d 0/0 80 -j REDIRECT 8080
>
> won't help, 'cause packets are not aimed at the Linux box.
> That's where I come with the patch, which basically replaces the router's
> mac address by the mac address of eth1 for TCP packets with dst port of 80.
> That way, packets are traversing the Linux ip firewall and are treated by
> the above redirection rule :-)"

Ignore the diverter project, it has been obsoleted by the bridge-nf patch.
What is said is true though, you would need a rule like:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080

> Can ebtables replace the router's mac address by the mac address of eth1 for
> tcp packets to be redirected?

Should be..

> BTW: All this stuff about firewall bridging just rulez!!! It's way better
> than many commercial solutions... congratz to everybody that made it
> possible!

Thanks.

cheers,
Lennert
