On Fri, Feb 08, 2002 at 12:28:44PM +0100, Bart De Schuymer wrote:
> > Just for the heck of it, after I added the static ARP entry,
> > I also tried adding a route (ip route add 198.122.149.10 dev
> > eth0), which I did not have
> > before (since ip forwarding is disabled, of course). As
> > soon as it received
> > the packet to be DNAT'd, I immediately got a kernel panic
> > error and had to restart the system. I also tried adding
> > this ip route without the static ARP
> > entry in place, and got another kernel panic error.
>
> After looking at the bridge/netfilter patch (and doing some tests) it seems
> that DNAT'ed packets in the bridge are always/sometimes (?) routed. This
> because the destination MAC address is set to that of the bridge device.
> So it doesn't work because you didn't put ip_forward on.
> See: net/bridge/br_netfilter.c:br_nf_pre_routing_finish().
> "memcpy(skb->mac.ethernet->h_dest, dev->dev_addr, ETH_ALEN);"
>
> If this is considered a feature or a bug I leave up to Lennert.

Well.. the crashing bit is a bug of course ;)

The only interface we have for calculating a new route in the case of
doing DNAT to a different bridge port group is ip_route_input (and if
you look at it technically, in this case it does become routing and
isn't really bridging anymore).

So I think all we can do is throw our hands up in the air and drop the
packet.

cheers,
Lennert
