Joakim Tjernlund/Transmode wrote on 08/06/2009 18:52:25:
> Ross Vandegrift <ross at kallisti.us> wrote on 08/06/2009 17:50:32:
> >
> > On Mon, Jun 08, 2009 at 05:35:55PM +0200, Joakim Tjernlund wrote:
> > >
> > > I am looking into impl Private VLAN(or part thereof) as specified by
> > > http://www.rfc-editor.org/internet-drafts/draft-sanjib-private-vlan-10.txt
> > >
> > > Would that be a welcome addition to the Linux bridge or is there
> > > a better method for doing "Private VLAN"?
> >
> > It should be pretty simple to cook up a private VLAN setup using
> > ebtables. At the simplest level, you could simply write policy to
> > only permit frames between specified interfaces. In this way, each
> > group of interfaces would represent a private VLAN.
>
> hmm, I have never used ebtables, will have to look into that. Could
> you give me an example on how to configure (using ebtables) the following:
> br0 with one I/F (eth_master) in Promisc (as defined in the Private VLAN spec above) mode
> and two I/F's (eth_client1 and eth_client2) in Isolated mode?
hmm, playing with ebtables now but I got big problems.
1) I can't find the right configure options to the kernel. The
simplest ebtable command will fail:
# > ebtable -A INPUT --in-if eth0
The kernel doesn't support a certain ebtables extension, consider
recompiling your kernel or insmod the extension.
2) I can't figure out how the ebtable command should look like for the
above example.
Jocke
> >
> > But ebtables is pretty flexible - with the right ruleset, you should
> > be able to cook up all kinds of crazy, fun stuff!
>
> Does this mean that you think "Private VLAN" support is unneeded in
> the Linux bridge? From your comments it seems like one should be able to do most
> things with ebtables, but is this also the preferred way?
>
> Jocke
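
The layout asked about in this thread (br0 with eth_master promiscuous, eth_client1 and eth_client2 isolated), sketched as an added example that is not part of the original messages. The function names pvlan_rules and valid_ifname are hypothetical; it assumes a kernel built with the ebtables filter table and filters only the FORWARD chain, so traffic to or from the bridge host itself is not covered.

```shell
#!/bin/sh
# Added example (not from the thread). Emits ebtables rules for a
# Private-VLAN-like layout on one bridge: one promiscuous port that may
# exchange frames with every isolated port, and isolated ports that may
# not reach each other. Assumes kernel ebtables support with the filter
# table (CONFIG_BRIDGE_NF_EBTABLES, CONFIG_BRIDGE_EBT_T_FILTER).

# Interface names end up in commands that are piped to a root shell,
# so accept only characters found in ordinary interface names.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# usage: pvlan_rules BRIDGE PROMISC_PORT ISOLATED_PORT...
pvlan_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: pvlan_rules BRIDGE PROMISC ISOLATED..." >&2
        return 2
    fi
    for name in "$@"; do
        valid_ifname "$name" || { echo "bad interface name: $name" >&2; return 2; }
    done
    bridge=$1
    promisc=$2
    shift 2
    for port in "$@"; do
        # isolated <-> promiscuous is the only forwarding allowed
        echo "ebtables -A FORWARD --logical-in $bridge -i $port -o $promisc -j ACCEPT"
        echo "ebtables -A FORWARD --logical-in $bridge -i $promisc -o $port -j ACCEPT"
    done
    # Everything else forwarded on this bridge is dropped, including the
    # per-port copies of broadcasts flooded from one isolated port to another.
    echo "ebtables -A FORWARD --logical-in $bridge -j DROP"
}

# Print the rules for the layout from the thread.
pvlan_rules br0 eth_master eth_client1 eth_client2
```

The script only prints the rules; review them, then pipe the output to sh as root to apply them.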