----- Original Message -----
From: "Lennert Buytenhek" <[EMAIL PROTECTED]>
To: "Jorge S." <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 28, 2002 7:07 PM
Subject: Re: [Bridge] Bridge/Filtering and protocols beyond IP

> > ipchains -A input -i eth1 -p tcp -d 0/0 80 -j REDIRECT 8080
> >
> > won't help, 'cause packets are not aimed at the Linux box.
> > That's where I come with the patch, which basically replaces the router's
> > mac address by the mac address of eth1 for TCP packets with dst port of 80.
> > That way, packets are traversing the Linux ip firewall and are treated by
> > the above redirection rule :-)"
> Ignore the diverter project, it has been obsoleted by the bridge-nf
> patch. What is said is true though, you would need a rule like:
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> > Can ebtables replace the router's mac address by the mac address of eth1 for
> > tcp packets to be redirected?
>
> Should be..

ebtables can't filter on tcp ports. If this is needed it can be added.
Filtering on ip fields is supported. But for this REDIRECT stuff, it's not
needed. The bridge-nf patch saves your day there.

> > BTW: All this stuff about firewall bridging just rulez!!! It's way better
> > than many commercial solutions... congratz to everybody that made it
> > possible!
>
> Thanks.

same here.

cheers,
Bart
