Displaying 20 results from an estimated 33 matches for "brouting".
2005 May 10
1
Help with PRIO qdisc and filters
...flowid 1:1
tc filter add dev ppp0 parent 1:0 prio 1 protocol ip u32 match ip tos 0x48 0xff flowid 1:2
tc filter add dev ppp0 parent 1:0 prio 1 protocol ip u32 match ip tos 0x58 0xff flowid 1:3
# use ebtables to set the TOS field. First flush the rules
ebtables -t broute -F
ebtables -t broute -I BROUTING 1 -j ftos --set-ftos 0x28 -p IPv4 --ip-src 192.168.1.151/32
ebtables -t broute -I BROUTING 2 -j ftos --set-ftos 0x48 -p IPv4 --ip-src 192.168.1.152/32
ebtables -t broute -I BROUTING 3 -j ftos --set-ftos 0x58 -p IPv4 --ip-src 192.168.1.153/32
----------- End Script ------------------
What I see...
2006 Dec 28
4
filter policy drop and allow transparent proxy
...c off the link layer into the network
layer ready for line 3.
3rd line - redirects the port 80 to 8080 and then goes to the local
process (squid) through the input filter
4th line - input filter accepts the traffic overriding the global
reject policy.
iptables -P INPUT DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -p tcp --dport 80 -m physdev --physdev-in eth1 --physdev-out eth0 -j ACCEPT
Any help would be most welcome.
Kin...
2008 Jan 06
0
[Bridge] Bridge with IP address -> unable to connect to bridge
...g the brouter setup described on
this page:
http://ebtables.sourceforge.net/examples.html
"Making a brouter".
The setup described there is like this:
ifconfig br0 0.0.0.0
ifconfig eth0 172.16.1.1 netmask 255.255.255.0
ifconfig eth1 172.16.2.1 netmask 255.255.255.0
ebtables -t broute -A BROUTING -p ipv4 -i eth0 --ip-dst 172.16.1.1 -j DROP
ebtables -t broute -A BROUTING -p ipv4 -i eth1 --ip-dst 172.16.2.1 -j DROP
ebtables -t broute -A BROUTING -p arp -i eth0 -d $MAC_OF_ETH0 -j DROP
ebtables -t broute -A BROUTING -p arp -i eth1 -d $MAC_OF_ETH1 -j DROP
My setup is different in that I use a p...
2019 Jan 08
0
[Bug 1316] New: ebtables-nft support for broute
...ormal
Priority: P5
Component: iptables over nftable
Assignee: pablo at netfilter.org
Reporter: arturo at debian.org
Original debian bug: https://bugs.debian.org/918551
The following command fails using ebtables-nft from iptables 1.8.2:
ebtables -t broute -A BROUTING --protocol 802_1Q -j DROP
2005 Oct 13
4
brouting on interfaces without IP address
Hi,
[sorry for the crosspost, I don't know whether this is a routing or
ebtables problem]
I want to redirect all HTTP traffic passing through my bridge to a squid
proxy on another machine. However, setting up brouting as suggested in
the ebtables examples doesn't work and the packets get dropped on the
floor completely.
/\/\/\/\/\/\/\/\ +----------------------+ +-------------+
/ LAN \-----|bridgeint bridgeext|----| Router |
\ 192.168.0.0/24 / | |...
2005 Aug 02
4
How to set a host with public IP within a private network?
Hello! I have the following setup:
1) a connection to my ISP with a public IP (1.2.3.4)
with the gateway 1.2.3.1
2) an allocated IP class with 64 addresses
(5.6.7.192/26)
3) two LANs connected through two NICs:
a) 192.168.0.0/24 on eth1 (192.168.0.1)
b) 10.0.0.0/24 on eth2 (10.0.0.1)
The IPs from the allocated class are all assigned to
eth0.
The networks are SNATed to the external IP and
2007 May 15
0
Brouting on two NICS + 1 virtual NIC
Currently have a bridge working, would now like to add a third virtual
nic so the machine can do nat as well to local users, however after a
crazy amount of reading can't seem to get my head around it. Please help.
Have a working bridge below (etc/network/interfaces and eth0 is the
internet side interface so a virtual interface like eth1:0 would be nice
:)
auto lo
iface lo inet loopback
auto br0
2006 Apr 20
1
EBTables, iproute, etc.
Good morning,
I'm writing to ask for collaboration in finding an improvement to a
particular process.
Today: To get traffic for our IDS sensors and a billing system, we
collect everything at our core switches (2) by connecting a SPAN port
from each switch to a server (so, 2 interfaces collecting traffic).
That server changes the destination MAC address on all traffic to that
of
2007 May 23
1
Squid in bridging mode
...'t seem to get any traffic out of
the bridge into Squid in D0 (or through iptables in D0, for that matter).
Information I've gathered so far is that I need
net.bridge.bridge-nf-call-iptables = 1, and need the following command to
have packets accepted by the bridge:
ebtables -t broute -A BROUTING -p ipv4 --ip-proto 6 --ip-dport 80 -j redirect --redirect-target ACCEPT
Not sure what I need from here. Are there other bridge or iptables settings
I need to check? Is there some special iptables command I'm missing to have
the network traffic go through D0 when bridging?
Thanks,
David...
2008 Sep 24
1
[Bridge] bridge is not forwarding the packet
...0.15 are ports of br0. Without countermeasures all
traffic, including traffic vlan-tagged with tag 15, entering the
physical device eth0 will go through the bridge port eth0. To make the
15-tagged traffic go through the eth0.15 bridge port, use the following
ebtables rule:
ebtables -t broute -A BROUTING -i eth0 --vlan-id 15 -j DROP
With the above rule, 15-tagged traffic will enter the bridge on the
physical device eth0, will then be brouted and enter the bridge port
eth0.15, the vlan header will be stripped, after which the packet is
bridged. The packet thus enters the BROUTING chain twice, the f...
2012 Nov 14
4
firewallchain issues w/ 1.0.0 release
...ppet-agent[22035]: Failed to apply catalog: Parameter name failed:
Inbuilt chains must be in the form {chain}:{table}:{protocol} where
{table} is one of FILTER, NAT, MANGLE, RAW, RAWPOST, BROUTE or empty
(alias for filter), chain can be anything without colons or one of
PREROUTING, POSTROUTING, BROUTING, INPUT, FORWARD, OUTPUT for the
inbuilt chains, and {protocol} being IPv4, IPv6, ethernet (ethernet
bridging) got 'SSH:FILTER:IPv4' table:'' chain:'' protocol:''
That error code is produced in lib/puppet/type/firewallchain.r...
2006 Feb 22
0
memory leaks resolved?
...ge of trunk and any domU I wanted on vlan1
br1 = bridge of trunk.2 and any domU I wanted on vlan2
The latter config makes much more sense, but I could never get it
working, nothing on br1 would ever work. Recently though I discovered I
needed the following rule for ebtables:
ebtables -t broute -D BROUTING -p 802_1Q -i trunk -j DROP
which selects packets using dot1q encapsulation on interface trunk, and
DROPs them from the broute table, which means they don't get routed
through the bridge. Because the bridge interface then doesn't pick them
up, they are available for the vlan logic...
2007 Jun 22
3
Routing NDAS ?
Hi,
I believe ndas devices (http://www.ximeta.com/web/technology/) use raw
Ethernet frames, as they require no tcp/ip configuration, the client
finds and authenticates with a code that is different for each device
sold, like a network mac address.
My pc is on a different segment to the ndas devices that we have, the
two segments are linked by a linux box that is doing routing and proxy
arp, can
2008 Mar 07
7
[Bridge] bridge, vlan and *no* stp/bpdu
Hello list,
I've posted here about this before, but I realise that it may have been
assumed that the bridged vlans simply put a switch port in a blocking
state and left my question ignored. So to recap.
I have two tg3 interfaces named 'in' and 'out' and a bridge named 'br0'
My vlan trunk is on the 'in' side of the network, and set as in.2, in.3
... The
2010 Aug 03
6
xen vlans in domU
Hello.
I'm trying to use vlan in domU, but have something strange:
I created bridge on eth0. This interface was configured as trunk with
vlan 300, 301. I use this bridge in my domU, and I can see tagged
packets when run tcpdump in domU. Also I created interface on domU to
work with vlan 300. On this interface I see untagged packets in vlan300.
And everything looks fine.
But when
2005 Jun 21
5
Q: Routing the Same IP simultaneously on different computers ?
Hi,
I've asked this elsewhere and received hints but no one seems to have a
concrete explanation :-
What I am looking to do is to be able to configure a Linux based router to
be able to share THE SAME SINGLE Public IP address between the linux router
and a
single computer on the lan acting as the DMZ host (NOT normal NAT IP sharing
!).
So basically you have a linux router with two
2023 Jul 11
0
[ANNOUNCE] libnftnl 1.2.6 release
Hi!
The Netfilter project proudly presents:
libnftnl 1.2.6
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem.
This library is currently used by nftables.
This release includes meta broute support.
See ChangeLog that comes attached to this email for more details on
the updates.
You can download it from:
2007 Apr 18
0
[Bridge] ARP spoofing.
...nternal network.
I already have ebtables setup to do the following:
# Make this the router for all packets from our networks.
# " MAC destination is the router, IP destination is the actual box
# you want to communicate with. (That's how routing works) " - EBTABLES
$EBT -t broute -A BROUTING --logical-in $NWIF -p IPv4 --destination ! $NWIF_MAC \
-j dnat --to-destination $NWIF_MAC
Now.... I would like the "cisco router" to have a second ip address in
the same range as the internal network on eth0. My desire is to make the
gw's on all of the internal network machines...
2006 Apr 13
0
transparent bridge
Hi, I installed Debian with bridging enabled, then I installed squid.
Squid works if I manually enter the proxy settings in Firefox.
Then I ran the following to make it transparent:
echo 1 > /proc/sys/net/ipv4/ip_forward
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Now all I get when I go to firefox is a blank page and down the bottom is:
Waiting for www.google.com.au <http://www.go...
2004 Jan 27
1
Filter not listed for firewall filter - and not running!
Hello all,
I am having some trouble getting a firewall filter to work with TC. I am
actually setting the mark via EBTables (which is working as far as I can
tell, I am also logging the packet and my syslog reports lots of marks):
ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark --set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix "EBFW Mark 7"
Now, with the marked packet, I want to rate shape it on ETH0 on its way out.
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1 cbq bandwidth 1...