First of all, thank you for your suggestion.
I did what you suggested, but it does not seem to work.
But perhaps I need to clarify:
1. The iptables/ipset are to be carried out on the server,
is that right?
2. The MAC addresses of the bridge - I am testing using
a Linux bridge, are you referring to the br0, eth0 or eth1
MAC address?
In any case, when I tested, it seems to only identify the
bridge itself connecting to the server. Anything from the
clients is not picked up by the iptables/ipset rules.
----- Original Message -----
From: kay <kay.diam@xxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxx
Cc:
Sent: Saturday, July 28, 2012 10:58 AM
Subject: Re: Identify traffic coming from which bridge
Dear Master Yoda =)
You can try to use "--mac-source" match in iptables, combine iptables
with ipset and get the following rules:
ipset create bridge_a_clients hash:ip
ipset create bridge_b_clients hash:ip
iptables -t raw -A PREROUTING -m mac --mac-source "BRIDGE_A_MAC" \
    -j SET --add-set bridge_a_clients src
iptables -t raw -A PREROUTING -m mac --mac-source "BRIDGE_B_MAC" \
    -j SET --add-set bridge_b_clients src
To view bridge_a_clients use:
ipset list bridge_a_clients
To view bridge_b_clients use:
ipset list bridge_b_clients
This is not an optimal solution, but it should help you.
Regards!
2012/7/26 Ming-Ching Tiew <mctiew@xxxxxxxxx>:
> When a client X is connected to the server, is there a way for the server to
> know client X is connected via which bridge ?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html