----- Original Message -----
From: "Lennert Buytenhek" <[EMAIL PROTECTED]>
To: "Bart De Schuymer" <[EMAIL PROTECTED]>
Cc: "Eric Low" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 01, 2002 9:41 PM
Subject: Re: [Bridge] locally generated packets lost after output chain

>
> On Fri, Mar 01, 2002 at 09:23:20PM +0100, Bart De Schuymer wrote:
>
> > Try this patch and plz say if it solves it. I posted it some time ago
> > (January 15th), but Lennert ignored/missed it.
>
> I didn't immediately see why it would be necessary, so it got swamped
> under a ton of other mail. Mea maxima culpa :(
>
> > If your packets are routed then the bridge-nf patch will make the packets go
> > through the ebtables FORWARD chain instead of the ebtables OUTPUT chain
> > (without this patch). I don't like it...
>
> If packets are routed, they should not go through br_nf_local_out,
> right?

You can have the situation where the bridge is also a router and e.g. this
setup:
A bridge with on the one side netmask 172.16.1.0 and on the other netmask
172.16.2.0. If a computer with ip 172.16.1.200 wants to talk to computer
with ip 172.16.2.200 it will send the packets to its default gateway, being
the bridge/router. A strange setup I guess, but still.
So: the packet arrives on the bridge hook and is passed up for routing,
later the packet is given back to the same bridge in the LOCAL_OUT hook.
I'm pretty sure back then I tested this (strange) setup. I'm guessing Eric
has some kind of similar situation.

You just make me realize that my patch makes the layer 2 flow (seen from
ebtables' standpoint) for ip DNATed 'bridged' packets unnatural.
So we need a compromise that handles both, right?

cheers,
Bart

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
