(Note that this is an embedded system with cards, hence the odd setup ... it isn't a PC network.)
I've got a system that uses a bridge (br0) to connect 3 ethernet ports (eth1-eth3). Within that, I use some iptables rules to forward the DHCP ports to another port based on the physdev. Namely eth1->5167, eth2->5267, eth3->5367.
Then within each DHCP server, I have a distinct IP range. So based on the IP, I can determine to which ethernet port they are attached. 90% of the time this works just fine. However, on some occasions a request will come in on eth3 but the iptables rule for eth1 will match and therefore the device ends up with an IP in the wrong range.
Since this only seems to happen right when it starts up, I am wondering if it is because the bridge hasn't yet matched MACs to eth devices. I have no idea if that is how it works, just a question.
My iptables rule for the dhcp forward is as shown here.
Code:
iptables -I PREROUTING -t nat -i br0 -m physdev --physdev-in eth1 -p udp --dport 67 -j DNAT --to 0.0.0.0:5167
I noticed that without the "-i br0" this rule does not work at all. Secondly, when I attach something to eth3 and the eth1 rule is (incorrectly) matched, the count goes up for the eth1 rule, and the eth3 rule stays at 0.
My bridge setup:
ifconfig eth1 up 0.0.0.0
ifconfig eth2 up 0.0.0.0
ifconfig eth3 up 0.0.0.0
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
brctl addif br0 eth3
brctl stp br0 on
brctl setfd br0 20
# assign the bridge to the eth1 address
ifconfig br0 hw ether `cat /sys/class/net/eth1/address`
ifconfig br0 10.0.0.1 up
Thanks
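An added helper (not from the original post) for the setup described above: it generates the per-port DNAT rule for eth1..eth3 with the poster's 5167/5267/5367 mapping, and looks up which bridge port a MAC is currently learned on from `bridge fdb show` output, so a misrouted request can be correlated with the FDB state. The FDB lines below are constructed sample data; the bridge, port names and DHCP ports are assumed from the post.

```shell
#!/bin/sh
# Added example, assumes: bridge br0, ports eth1..eth3, DHCP servers on 5167/5267/5367.

# Build the DNAT rule text for one bridge port (eth1 -> 5167, eth2 -> 5267, eth3 -> 5367).
# Only prints the command; it does not run iptables.
dhcp_dnat_rule() {
    port="$1"                       # e.g. eth2
    idx="${port#eth}"               # e.g. 2
    case "$idx" in
        1|2|3) ;;
        *) echo "unknown bridge port: $port" >&2; return 1 ;;
    esac
    printf '%s\n' "iptables -I PREROUTING -t nat -i br0 -m physdev --physdev-in $port -p udp --dport 67 -j DNAT --to 0.0.0.0:5${idx}67"
}

# Given a MAC and the text of 'bridge fdb show br br0', print the port the MAC
# was learned on, or nothing if the FDB has no entry for it yet.
fdb_port_for_mac() {
    mac="$1"
    fdb="$2"
    printf '%s\n' "$fdb" | awk -v m="$mac" '
        tolower($1) == tolower(m) && $2 == "dev" && $4 == "master" { print $3; exit }'
}

# Constructed sample FDB output: two learned hosts, eth1's own address marked permanent.
SAMPLE_FDB='02:00:00:00:00:01 dev eth1 master br0
02:00:00:00:00:03 dev eth3 master br0
00:11:22:33:44:55 dev eth1 master br0 permanent'

# Usage: emit the three rules and check where a requesting MAC is learned.
for p in eth1 eth2 eth3; do dhcp_dnat_rule "$p"; done
learned=$(fdb_port_for_mac 02:00:00:00:00:03 "$SAMPLE_FDB")
echo "02:00:00:00:00:03 learned on: ${learned:-<not in FDB>}"
```

On the live system, feed `"$(bridge fdb show br br0)"` as the second argument right after a misrouted lease to see whether the client's MAC was already associated with its port.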