List: linux-bridge
Subject: [Bridge] Bridge and iproute2 won't work
From: "Allan Gee" <AllanG () Equation ! co ! za>
Date: 2002-10-24 10:42:23
Hi Guys, I would like some help on the following:
Excuse my ASCII art!
         Web Server
             |
             |
         Bridge 1 --tunnel-10.4.0.1--|
             |                       |
             |                       |
    Std Router 10.1.1.1              |
             |                       |
             |                       |
      Slow 64kbit line               |
             |                       |
             |                       |
    Std router 10.1.2.1              |
             |                       |
             |                       |
         Bridge 2 --tunnel-10.4.0.2--|
             |
             |
         LAN network
Without the tunnel running, the route for LAN is via 10.1.1.1 and the route for
Web Server is via 10.1.2.1.
All is fine!
Now I want the Web Server traffic to go via the tunnel end point (10.4.0.2)
so it will be compressed and encrypted, but I don't want to have to change
ANY gateways on either the LAN devices or the Web Server.
When the tunnel comes up I thought I would use iptables to catch traffic
going to each router and somehow redirect it to the tunnel.
I've tried to MARK packets and then send them via a rt_table but it still
goes to the default gateway on the std router. I think it's the bridging
that is messing me up but I don't know why.
My netfilter IS patched with nf-bridge V0.0.6 ON KERNEL 2.4.17 etc. I get
the packets to the MARK mangle table but they don't go to the rt_table.
This is the script that runs when the tunnel comes up:
For the Web Server side bridge:
iptables -A PREROUTING -t mangle -d 10.1.2.0/24 -j MARK --set-mark 1
ip rule add fwmark 1 table for.tun
# the original gateway for LAN but I keep a static for the
# single IP so the tunnel keeps going
ip route del 10.1.2.0/24 via 10.1.2.1
ip route add 10.1.2.0/24 via dev tune table for.tun
ip route flush cache
#END
In rt_tables:
202 for.tun
The same mirrored on the LAN bridge side!
I use OpenVPN for the tunnel!
NO GO!!
Please give me some ideas as to what's going wrong or to whether I should
use some other plan.
Regards Allan Gee
Equation
021 4181777
www.equation.co.za
_______________________________________________
Bridge mailing list
Bridge@math.leidenuniv.nl
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
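
The script in the message above relies on three links lining up: the table name declared in rt_tables, an `ip rule` that maps the fwmark to that table, and a route for the prefix inside the table. The shell function below is an added example, not part of the original post, that checks those three links from captured command output; the function name `check_chain` and all sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample inputs below are constructed, not from the post.
# check_chain MARK TABLE PREFIX RT_TABLES RULES ROUTES
#   RT_TABLES: text of /etc/iproute2/rt_tables
#   RULES:     output of `ip rule show`
#   ROUTES:    output of `ip route show table TABLE`
# Prints the first broken link (or "ok"); returns non-zero on failure.
check_chain() {
    mark=$1 table=$2 prefix=$3 rt_tables=$4 rules=$5 routes=$6

    # 1. The table name must be declared in rt_tables (comments skipped).
    id=$(printf '%s\n' "$rt_tables" |
        awk -v t="$table" '$1 !~ /^#/ && $2 == t { print $1; exit }')
    [ -n "$id" ] || { echo "missing-table"; return 1; }

    # 2. A rule must send the mark to that table, by name or numeric id.
    #    `ip rule show` prints the mark in hex, e.g. "fwmark 0x1".
    hex=$(printf '0x%x' "$mark")
    printf '%s\n' "$rules" | awk -v m="$hex" -v t="$table" -v i="$id" '
        { fm = ""; lk = ""
          for (n = 1; n < NF; n++) {
              if ($n == "fwmark") fm = $(n + 1)
              if ($n == "lookup") lk = $(n + 1)
          }
          sub(/\/.*/, "", fm)            # drop an optional /mask
          if (fm == m && (lk == t || lk == i)) found = 1 }
        END { exit !found }' || { echo "missing-rule"; return 1; }

    # 3. The table must contain a route for the destination prefix.
    printf '%s\n' "$routes" |
        awk -v p="$prefix" '$1 == p { f = 1 } END { exit !f }' ||
        { echo "missing-route"; return 1; }
    echo "ok"
}

# Constructed sample data shaped like the post's setup (mark 1, for.tun).
RT_TABLES='255 local
254 main
202 for.tun'
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup for.tun
32766: from all lookup main'
ROUTES='10.1.2.0/24 dev tune scope link'

check_chain 1 for.tun 10.1.2.0/24 "$RT_TABLES" "$RULES" "$ROUTES"
```

A passing check confirms only that the configuration chain is consistent; it does not show whether a given packet carried the mark at the moment the routing lookup happened.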