RE: Bridge IPv6 traffic between 2 interfaces

["Huebner, Thomas" <thomas.huebner@xxxxxxxxxxxxx>]

Hi,

thanks for you'r quick response. I needed some time to fix and extend the kernel with ebt_broute. I'm using openembedded and all that bitbake stuff needs time...
Finaly i've integrated ebtables and the necessary kernel modules.

I assume that the preceding setup looks some thing like this (?):

# brctl addbr br0
# brctl addif br0 usb0
# brctl addif br0 usb1
# ifconfig br0 0.0.0.0 up 

followed by:
# ebtables -t broute -A BROUTING -p ipv4 -j DROP

After that a can no longer ping (ipv4) the box from outside.


Am I missing something, May be some sysctl's?

Regards,

Thomas


> -----Original Message-----
> From: Humberto Jucá [mailto:betolj@xxxxxxxxx] 
> Sent: Thursday, March 22, 2012 12:08 PM
> To: Huebner, Thomas
> Cc: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: Bridge IPv6 traffic between 2 interfaces
> 
> Hi,
> 
> I do not know if I understand correctly.
> 
> You want the IPv6 traffic across the bridge transparently.
> But whether a control standard for IPv4 - is it?
> 
> To control what crosses the bridge or not you should use 
> ebtables (in broute chain).
> I believe it is something like:
> 
> ebtables -t broute -A BROUTING -p ipv4 -j DROP
> 
> This prevents the processing of the * bridge * for IPv4 
> packets, but you can still use iptables to filter * routing *.
> 
> I hope it's this and that works.
> Thanks.
> 
> Em 22 de março de 2012 07:06, Humberto Jucá 
> <betolj@xxxxxxxxx> escreveu:
> > Hi,
> >
> > I do not know if I understand correctly.
> >
> > You want the IPv6 traffic across the bridge transparently.
> > But whether a control standard for IPv4 - is it?
> >
> > To control what crosses the bridge or not you should use 
> ebtables (in 
> > broute chain).
> > I believe it is something like:
> >
> > ebtables -t broute -A BROUTING -p ipv4 -j DROP
> >
> > This prevents the processing of the * bridge * for IPv4 
> packets, but 
> > you can still use iptables to filter * routing *.
> >
> > I hope it's this and that works.
> > Thanks.
> >
> >
> > 2012/3/22 Huebner, Thomas <thomas.huebner@xxxxxxxxxxxxx>:
> >> Hello,
> >>
> >> I have a computer (A) which is connected on the left side to a 
> >> private network (usb0) and on the right side to a stand 
> alone computer (B).
> >>
> >>
> >> ----+         +-----------------+            +-------+
> >> NET |         |      BOX A      |            | BOX B |
> >>  A  +--IPv4---+---  IPv4 in  ---+------IPv4--+       |
> >>    +--IPv6-+ |  IPv6 'arround' | +----IPv6--+       |
> >>    |       | +-----------------+ |          +-------+
> >> ----+       +->----<--->----<--->-+
> >>
> >>
> >> I try to find a way to bridge the IPv6 traffic completely 
> transparent 
> >> (including all the ICMPv6 and solicitation stuff), between the 
> >> interfaces usb0 and usb1 while the IPv4 traffic is not affected.
> >>
> >> I've tried using a brctl which connects the two interfaces 
> perfectly, 
> >> but disconnects them from the host A itself.
> >> Also marking the IPv6 packets with set-mark and routing them using 
> >> "ip route" seems not to work.
> >>
> >> The iptables ROUTE target using the "--oif" option seems 
> exactly what 
> >> I'm looking for, but unfortunatly this target is not available for 
> >> ip6tables.
> >>
> >> Has anyone an idea or hint?
> >>
> >>
> >> Thanks
> >>
> >> Thomas
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe 
> netfilter" 
> >> in the body of a message to majordomo@xxxxxxxxxxxxxxx More 
> majordomo 
> >> info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html