Old 05-09-2018, 09:59 AM   #1
LQ Newbie
Registered: May 2018
Posts: 1

policy based transparent packet switching

Hello, I got stuck trying to implement a "simple" scenario.
I have a bridge with 3 ports in it - eth0, eth1, eth2.
Traffic comes to port eth0. If IP address is say, traffic to this IP should go over port eth1, otherwise traffic should go over eth2. Why I need the packet to be switched instead of being routed: after leaving the Linux box, the packet should remain untouched, no TTL change, no source MAC change, etc. I played with ebtables, but the only reasonable chain which does packet redirection is PREROUTING, however I can redirect only to a real destination MAC address, which is not directly attached to the bridge and will be in most cases unknown. Here is an example:
ebtables -t nat -I PREROUTING 1 -i eth0 -p ipv4 --ip-dst -j dnat --to-dst 00:50:ac:11:11:11 --redirect-target ACCEPT
ebtables -t nat -I PREROUTING 2 -p arp --arp-opcode Request --arp-ip-dst -j redirect --to-dst 00:50:ac:11:11:11 --redirect-target ACCEPT

That works, but I need something like --to-dst eth1 rather than a destination MAC address. Maybe someone has faced a similar challenge?
The alternative idea I have would be to mirror traffic eth0->eth2 to eth1 and use the ebtables FORWARD chain to pass only the traffic I want, but I am afraid it may lead to performance issues.
Old 05-11-2018, 03:42 PM   #2
Senior Member
Registered: Apr 2009
Posts: 1,627

A bridge is equivalent to a layer 2 switch. It forwards packets based on destination MAC. Router mode looks like it matches what you expect.
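
Added example, not part of either post and not kernel code: a small Python model of the forwarding decision discussed in this thread, showing that a learning bridge picks the egress port only from the destination MAC, and that a dnat rule steers a frame by rewriting that MAC. All MAC and IP values, the `Bridge` class and `demo()` are constructed for illustration.

```python
# Constructed model of a learning bridge: the egress port is chosen only
# from the frame's destination MAC via the forwarding database (FDB).
from dataclasses import dataclass, replace

PORTS = ("eth0", "eth1", "eth2")

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    dst_ip: str

class Bridge:
    def __init__(self):
        self.fdb = {}    # learned source MAC -> port
        self.dnat = {}   # dst IP -> replacement dst MAC (models the dnat rule)

    def receive(self, in_port, frame):
        """Return (egress_ports, frame_as_sent)."""
        self.fdb[frame.src_mac] = in_port            # source learning
        new_mac = self.dnat.get(frame.dst_ip)
        if new_mac is not None:                      # dnat rewrites the dst MAC
            frame = replace(frame, dst_mac=new_mac)
        port = self.fdb.get(frame.dst_mac)
        if port is None:                             # unknown unicast: flood
            return [p for p in PORTS if p != in_port], frame
        if port == in_port:                          # already on ingress segment
            return [], frame
        return [port], frame

def demo():
    br = Bridge()
    host = "02:00:00:00:00:10"   # constructed sender behind eth0
    gw1 = "02:00:00:00:00:01"    # constructed device attached behind eth1
    far = "02:00:00:00:00:99"    # constructed destination MAC, never learned
    f = Frame(host, far, "192.0.2.50")
    flooded = br.receive("eth0", f)                     # no FDB entry for `far`
    br.receive("eth1", Frame(gw1, host, "192.0.2.10"))  # bridge learns gw1 on eth1
    br.dnat["192.0.2.50"] = gw1                         # steer by destination IP
    steered = br.receive("eth0", f)
    return flooded, steered

if __name__ == "__main__":
    for ports, sent in demo():
        print(ports, sent.dst_mac)
```

In the model the steered frame leaves on eth1 only, but with its destination MAC changed, which is the trade-off between MAC-based steering and the "packet should remain untouched" requirement in post #1.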