Policy-based transparent packet switching
Hello, I got stuck trying to implement a "simple" scenario.
I have a bridge with 3 ports in it: eth0, eth1, eth2.
Traffic comes in on port eth0. If the destination IP address is, say, 1.1.1.1, traffic to this IP should go out port eth1; otherwise traffic should go out eth2. Why I need the packet to be switched instead of routed: after leaving the Linux box, the packet should remain untouched (no TTL change, no source MAC change, etc.). I played with ebtables, but the only reasonable chain that does packet redirection is PREROUTING; however, I can only redirect to a real destination MAC address, which is not directly attached to the bridge and will in most cases be unknown. Here is an example:
# rewrite the destination MAC of IPv4 frames for 1.1.1.1 arriving on eth0 (dnat takes --dnat-target, not --redirect-target)
ebtables -t nat -I PREROUTING 1 -i eth0 -p ipv4 --ip-dst 1.1.1.1/32 -j dnat --to-dst 00:50:ac:11:11:11 --dnat-target ACCEPT
# do the same for ARP requests asking for 1.1.1.1 (the redirect target has no --to-dst option; dnat is the one that takes a MAC)
ebtables -t nat -I PREROUTING 2 -p arp --arp-opcode Request --arp-ip-dst 1.1.1.1/32 -j dnat --to-dst 00:50:ac:11:11:11 --dnat-target ACCEPT
That works, but I need something like --to-dst eth1 rather than a destination MAC address. Maybe someone has faced a similar challenge?
The alternative idea I have would be to mirror traffic eth0->eth2 to eth1 and use the ebtables FORWARD chain to pass only the traffic I want, but I'm afraid it may lead to performance issues.
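The port-based steering the post asks for can be done without touching the frame at all by redirecting at the tc ingress hook instead of rewriting MACs with ebtables. The script below is an added example, not the poster's code: it uses tc with a clsact qdisc, flower and matchall classifiers and the mirred redirect action, which hands the frame to the chosen port unchanged (destination MAC, source MAC and TTL all stay as they arrived). It assumes an iproute2/kernel with clsact, matchall and flower's ARP keys (roughly 4.11 or newer); eth0, eth1, eth2 and 1.1.1.1 are the names from the post, and DRY_RUN is this example's own switch for printing the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post: steer frames to a port by
# policy with tc (clsact + flower/matchall + mirred redirect) instead of
# ebtables dnat. mirred redirect queues the frame on the chosen port as-is,
# so destination MAC, source MAC and TTL are never rewritten.
# Assumptions: iproute2/kernel with clsact, flower ARP keys and matchall
# (4.11 or later); eth0/eth1/eth2 and 1.1.1.1 are the names from the post.
# DRY_RUN is this example's own knob: set it to print instead of execute.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# policy_switch INGRESS_IF IP_PORT DEFAULT_PORT IP
#   Frames entering INGRESS_IF for IP (plus ARP requests asking who-has IP)
#   leave via IP_PORT, everything else via DEFAULT_PORT; anything entering
#   IP_PORT or DEFAULT_PORT is sent back out INGRESS_IF.
policy_switch() {
    ingress_if="$1"; ip_port="$2"; default_port="$3"; ip="$4"

    for dev in "$ingress_if" "$ip_port" "$default_port"; do
        # clsact adds an ingress hook that runs before the bridge (or the IP
        # stack) ever sees the frame; 'replace' keeps this idempotent.
        run tc qdisc replace dev "$dev" clsact
        # A port that is not enslaved to a bridge only receives frames for
        # its own MAC unless it is promiscuous (a bridge does this for you).
        run ip link set dev "$dev" promisc on
    done

    # Lower prio value = evaluated first. IPv4 traffic for $ip -> $ip_port.
    run tc filter add dev "$ingress_if" ingress protocol ip prio 1 \
        flower dst_ip "$ip" \
        action mirred egress redirect dev "$ip_port"
    # ARP requests for $ip must reach the same port, or nobody will answer.
    run tc filter add dev "$ingress_if" ingress protocol arp prio 2 \
        flower arp_op request arp_tip "$ip" \
        action mirred egress redirect dev "$ip_port"
    # Everything else entering $ingress_if -> $default_port.
    run tc filter add dev "$ingress_if" ingress prio 10 matchall \
        action mirred egress redirect dev "$default_port"
    # Return path: whatever enters either output port goes back out $ingress_if.
    for dev in "$ip_port" "$default_port"; do
        run tc filter add dev "$dev" ingress prio 10 matchall \
            action mirred egress redirect dev "$ingress_if"
    done
}

# Usage: DRY_RUN=1 ./policy_switch.sh eth0 eth1 eth2 1.1.1.1   (print only)
#        ./policy_switch.sh eth0 eth1 eth2 1.1.1.1             (as root)
if [ $# -eq 4 ]; then
    policy_switch "$@"
fi
```

Because the redirect happens at the ingress hook, frames matched here never enter the bridge, so the ebtables nat/FORWARD chains are not consulted for them and the ports can stay in the bridge or be removed from it. The ebtables dnat approach in the post could only ever meet the "frame untouched" requirement if the rewritten MAC happened to be the real one, since dnat works by changing the destination MAC. Note that the return-path matchall filters push every frame arriving on eth1 or eth2 straight out eth0 with no inspection; if the two sides should not see each other's traffic unconditionally, add lower-prio flower filters with `action drop` on those ports before the matchall.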