From 0fa32dc5304c42eb468570001d2c7fa311dfd285 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Fri, 2 Jan 2004 15:45:26 +0000 Subject: *** empty log message *** --- docs/brnf-faq.html | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/brnf-faq.html b/docs/brnf-faq.html index 0fa94c4..e96a892 100644 --- a/docs/brnf-faq.html +++ b/docs/brnf-faq.html @@ -14,7 +14,7 @@

Bridge-netfilter Frequently (and less frequently) Asked Questions

-

Last modified: December 30, 2003

+

Last modified: January 02, 2004

Questions

  1. Connection tracking
  2. @@ -122,8 +122,28 @@ bridge?
    Yes. Kernel versions 2.6.0-test7 and above have this -functionality. Patch ebtables-brnf-3-vs-2.4.22 and later patches -(for 2.4) have this functionality too. +functionality. For disabling this, see the above question. +
    +
    +How do I let vlan-tagged traffic go through a vlan bridge port +and the other traffic through a non-vlan bridge port? +
    +
    +Suppose eth0 and eth0.15 are ports of br0. Without countermeasures +all traffic, including traffic vlan-tagged with tag 15, entering +the physical device eth0 will go through the bridge port eth0. To +make the 15-tagged traffic go through the eth0.15 bridge port, use +the following ebtables rule: +
    +ebtables -t broute -A BROUTING -i eth0 --vlan-id 15 -j DROP
    +
    +With the above rule, 15-tagged traffic will enter the bridge on +the physical device eth0, will then be brouted and enter the +bridge port eth0.15 after which it is bridged. The packet thus +enters the BROUTING chain twice, the first time with input +device eth0 and the second time with input device eth0.15. The +other chains are only traversed once. All other traffic will +be bridged with input device eth0.
    Do {ip,arp}tables see encapsulated 802.2/802.3 IP/ARP traffic? -- cgit v1.2.3
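Review bot: The ebtables rule added in the new vlan FAQ entry (second hunk) uses `--vlan-id 15` without `-p 802_1Q`. The ebtables vlan match requires the protocol to be specified as 802_1Q, so the documented command should read `ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 15 -j DROP`. In the same hunk, the kernel-version answer drops the sentence about ebtables-brnf-3-vs-2.4.22 and later 2.4 patches and replaces it with "see the above question". Consider keeping the 2.4 information for readers on those kernels, and name the question being referred to, since a positional reference breaks when FAQ entries are reordered. The log message is also empty; a one-line summary such as the title of the new FAQ entry would make the change easier to find later.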