Iptables and vlan interfaces
Baake, Matthias
m.baake at porta.de
Fri Sep 30 14:04:53 CEST 2005
hello there,
the filtering works in the _filter_ table.
afaik there is no support to route logical devices at least in the nat table!
maybe the same is applied for the mangle table.
greetings
/matthias
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of
> Marcin Giedz
> Sent: Friday, September 30, 2005 1:56 PM
> To: netfilter at lists.netfilter.org
> Subject: Re: Iptables and vlan interfaces
>
>
> On Friday, 30 September 2005 13:34, Sascha Reissner wrote:
> > sebastian.ionita at focomunicatii.ro wrote:
> > > Why doesn't iptables work with vlan interfaces?
> > > iptables -t mangle -A FORWARD -i eth0 -o eth1.11 -j MARK --set-mark 4
> > > Gives me the error:
> > > host/network eth1.11 not found.
> > > I'm running kernel version 2.4.27 with iptables 1.2.9.
> > > The eth1.11 exists and works perfectly.
> > > Seby,
> >
> > eth1.11 is the same physical device as eth1. use eth1 in your rule and
> > you are fine. netfilter does IMHO not support filtering by logical
> > interface.
>
> It does and it works excellently.
>
> Here is a short example:
> /usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD1
> /usr/local/sbin/iptables -A FORWARD -i eth0.119 -p tcp -j ACCEPT -m state --state NEW -m multiport --destination-port $TCP_FORWARD2
>
> For me it seems like eth1.11 is not present on your system. What do you get with
> "ifconfig"?
>
> Marcin
>
>