Re[2]: [Bridge] [Release] ebtables 2.0.2 + ebtables patch for 2.4.20+ bridge-nf patch for 2.4.20

Thu, 12 Dec 2002 15:32:05 -0800 


> If You using on Your box bridge without IP,
> how can Your bridge will be known,
> where to route DNAT'ed packets (to the proxy)?
> Ad minimum - MAC address of the proxy/default_router?

 First thank you all for answering

  I am not sure if I understood what you are writing , but I have just
verified that my setup worked untill kernel 2.4.14 with
bridge-nf-0.0.2-against-2.4.13-ac5.diff . With that kernel the packets get
DNATED and send to the squid box  . However , with 2.4.18 and 2.4.20 I get
the behaviour described in my original post , aka no DNATED packet leaves
the bridge and the error message about ip forwarding appears in the logs

 My setup is :                      <workstations>
                                   /
<isdn router>----<bridge>---<switch>----<squid proxy>

 The bridge has 3 NICS , 2 of them consisting the bridge and 1 having an
ip address and is connected to the switch .

 The setup that used to work with 2.4.14 was :

iptables -t nat -A PREROUTING -i eth2 -p tcp ! -s squidbox ! \
-d localnet --dport 80 -j DNAT --to squidbox:8080
iptables -t nat -A POSTROUTING -o eth2 -s localnet \
-d squdibox -j SNAT --to bridgeboxip

 with the only side effect of not being able to keep per-client logs on
the squid box , since everything appeared to come from the SNAT ip . I
digged that out of my archive , but I am sure it worked . However , I am
not able to reproduce the same enviroment without breaking other things
now and I dont want to  experiment a lot with a bridge 200 kms away...

 If someone is doing the same with current kernel , I`d like to see kernel
config and iptables rules .

 Best regards ,

--
=============================================================================

Dimitris Zilaskos

Department of Physics @ Aristotle Univercity of Thessaloniki , Greece
PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
          http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
MD5sum  : 4f84f3f53cb046008b4abcb2a092d28d  pgp_public_key.asc
=============================================================================


_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge

Reply via email to