From b713d415a9574e590afa23fc7ac987a0a14149b4 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Mon, 3 Mar 2003 11:42:22 +0000 Subject: added an entry, updated the links (pointing at the new sourceforge hp) --- docs/ebtables-faq.html | 58 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 13 deletions(-) diff --git a/docs/ebtables-faq.html b/docs/ebtables-faq.html index 1e7ab97..5129b35 100644 --- a/docs/ebtables-faq.html +++ b/docs/ebtables-faq.html @@ -18,12 +18,14 @@

Ebtables (Ethernet Bridge Tables) Frequently Asked Questions

+

Last modified: March 3, 2003

Questions

  1. Intro
  2. Installation
  3. Usage
    4. -
  4. Other
    5. +
  5. Problems
    6. +
  6. Other

Answers

    @@ -54,10 +56,9 @@ want to use a 2.5.x (or above) kernel, then just use the latest and greatest kernel version. You won't have to patch the kernel. Check out the submitted kernel patches, available through the - - sourcecode section of the ebtables - homepage to see if there have been patches applied in later - kernel versions than the one you are using. + + sourcecode section of the ebtables + homepage to see if there are any pending patches.
    If you want to use a 2.4.x kernel, then go to Ethernet bridge tables and download the br_nf_bds, ebtables_kernel @@ -127,13 +128,13 @@
    Can I filter on ARP packets in the Linux bridge box using ebtables?
    Yes, it's possible to filter on the ARP header, using ebtables. - See the ebtables manual page for + See the ebtables manual page for details.
    Can I use ebtables with iptables? Are there any problems to use it together? How exactly the packet/frame traversing the ebtables/iptables?
    Yes, it's possible to use ebtables with iptables. Detailed info about ebtables/iptables interaction is explained at the - + "ebtables/iptables interaction on a Linux-based bridge" page.
    Does ebtables keep count statistics?
    @@ -164,7 +165,7 @@
    The ebtables PREROUTING chain is only traversed when the bridge code is deciding what to do with the frame. So, if a BROUTING chain rule decided the frame should be routed, then the ebtables PREROUTING chain won't see it. See the - + "ebtables/iptables interaction on a Linux-based bridge" page for the details.
    I'm using a 2.5.x or higher kernel and my iptables rules won't match on the bridge port devices, what's wrong?
    @@ -215,10 +216,41 @@ ebtables2/kernel/scripts/CopyRep2.5
    [Back to the top] -
    +
    + +
  1. + Problems
    +
    +
    This stuff isn't working on my 64-bit machine with a 32-bit userspace (like the Sparc64)
    +
    We know. It's kind of hard to fix this without access to such a machine. The problem is caused by the + different word length between kernel and userspace.
    +
    I'm getting this message when doing IP DNAT: ``Performing cross-bridge DNAT requires IP + forwarding to be enabled''
    +
    First make sure IP forwarding is enabled: +
    +# echo '1' > /proc/sys/net/ipv4/ip_forward
+
    + If that's the case and the message doesn't go away, make sure your routing table has all necessary + entries. For example, suppose we want to DNAT traffic on a bridge device that doesn't have an IP address to + an IP address somewhere on the Internet. +
    +eth0 = connection to Internet
+br0 = eth1+eth2
+br0 has no IP address
+iptables -t nat -A PREROUTING -s 172.16.1.2 -d 172.16.1.4 -j DNAT --to-dest <destination>
+route -A -net 172.16.1.0 netmask 255.255.255.0 dev br0
+
    + 172.16.1.2 is on the eth1 side, .4 on the eth2 side, the <destination> is somewhere on the Internet. + Without the routing table entry (last line above), it is obvious that this DNAT wouldn't work (because the bridge/router + wouldn't know where to send 172.16.1.xx traffic). It is possible that the mentioned + error message gets printed on the screen or in your logs when this routing table entry is omitted. +
    +
    +
    + [Back to the top]
  2. - Other
    + Other
    I'm not a Linux system's programmer, but I need a feature, which is not (yet) implemented in ebtables. What should I do?
    @@ -227,13 +259,13 @@ ebtables2/kernel/scripts/CopyRep2.5 your wanted feature to this mailing list.
    I'm a C programmer and I want to add an ebtables feature by myself. Where should I begin?
    -
    Subscribe to the Subscribe to the ebtables developers mail list. Read the "Ebtables Hacking HOWTO" and + "http://ebtables.sourceforge.net/ebtables-hacking/ebtables-hacking-HOWTO.html">"Ebtables Hacking HOWTO" and have a look at the already implemented modules. You will find that adding a module is not very hard. Additional information is available - at the ebtables + at the ebtables homepage.

    -- cgit v1.2.3