Linux Ethernet Bridging - Apr 2007 - [Bridge] NAT on a bridge

t.luettgert@pressestimmen.de said:
> I can't get "invisible" NAT on a bridge to work.  What I
wanted to do
> is redirecting HTTP requests to another machine (or the same machine,
> that'd be good enough, too).
I'm trying to get something like this to work too, but haven't come to
any firm conclusion.

All I've been able to determine so far is that the DNAT won't work
unless there's an IP on the bridge. Have you been seeing warnings in
dmesg about turning on ip_forwarding?

Jason

Hello all,

I can't get "invisible" NAT on a bridge to work.
What I wanted to do is redirecting HTTP requests to
another machine (or the same machine, that'd be
good enough, too).

I set up a bridge. It worked fine just bridging.
Then I added the following iptables rule:

iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -p tcp \
	--dport 80 -j DNAT --to (new address)

This resulted in the frames just disappearing in the bridge.
So, I thought, perhaps there's some problem with the address, what
with the bridge not knowing where it is and so on (both interfaces
are 0.0.0.0), perhaps I'll just try

iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -p tcp \
	--dport 80 -j REDIRECT --to-ports 80

so everything should just go to my local machine, that's good enough.
The effect was the same, the SYN frame just disappears.

I tried this with linux 2.4.25 with the bridging patches and with
2.6.5. Same effect.

If I configure the machine as a router, it works perfectly.

What am I doing wrong?

-Torsten