Hi Joe,
Perhaps I missed it in the discussion or in your entry for the HOWTO,
but I don't think the method for pulling things up out of the bridged
interfaces to the application level is discussed.
CONFIG_NET_DIVERT is the IP packet diverter that allows one to configure
selective redirects from a bridged interface, so that it can then be
REDIRECTED or whatever by the iptables rules. Benoit Locher wrote it
and his homepage about the project is here: http://diverter.sourceforge.net/
It is a part of the official Linux trees (2.2.19+ and 2.4.10+) these
days, so no patching is necessary, but you do need the divert-utils
package to configure it if you're going to use it. It makes the Linux
bridging code a lot cooler than your ordinary bridge.
Joseph Mack wrote:
This is for the HOWTO, any comments, clarifications, additions?
We can say that the default bridging behavior is not
the desired one for all cases. There are some useful modes we
can require from the bridging. For example, in one mode we can
grab all IP packets (even packets destined to foreign lladdrs),
feed them to the upper layers, and rely on the proper
routing rules for filtering, etc. The bonus is that you don't need
to place your IPs, routes, etc on the bridging interfaces, you don't
need to implement firewalling specifically designed for the
bridged ports, etc, etc.
--
Joe Cooper <joe@xxxxxxxxxxxxx>
http://www.swelltech.com
Web Caching Appliances and Support