bridge and NAT - ebtables support


menulis
14-06-2004, 11:50
Hi all,

I would like to ask if there are any plans to build the firmware with ebtables support in the kernel?

I have the following situation: I want all the LAN ports and the WAN port to be in one bridge, so that I'm able to communicate with the LAN connected to the WAN port. What is more, I need to NAT the 192.168.1.x private addresses to an external IP which is then also routed through the same LAN.

I tried to play with proxy ARP on br0 and eth1, but I realized that this way I could not receive any broadcast packets from the LAN (the one connected to the WAN port), so IMHO ebtables (a kernel patch, actually) would be the only way to do the NAT inside the bridge.

Any thoughts are appreciated :)

Dziugas

Oleg
14-06-2004, 14:53
You do not need bridging/ebtables if you want to use NAT. You just need to add yet another MASQUERADE rule to iptables or set up routing between the two LANs.

menulis
14-06-2004, 15:05
Hi, Oleg,

thanks for the answer. The problem is that if I assign the eth1 interface to the br0 logical bridge, all the interfaces (eth0, eth1, eth2) are in one bridge, and it's obvious that one interface can't belong to more than one bridge. That's why there is no routing between LANs: basically there is one LAN, and NAT should be done according to the source address (-t nat -I POSTROUTING -s 192.168.1.x -d 0/0 -j DNAT --to 1.2.3.4 or similar).

Because a bridge operates at the second (data link) layer, it's impossible to match the packets with iptables, as bridged traffic flows before any iptables rules. That is what ebtables is designed for: to be able to match (say, filter, NAT or whatever) bridged traffic.

Dziugas

Oleg
14-06-2004, 15:36
You do not need bridging at all. Why are you trying to use it?

menulis
14-06-2004, 16:30
I do NEED it, because I want to access the LAN (30+ PCs) which is connected to the router's WAN port and which by default is not assigned to the bridge! :)

Oleg
14-06-2004, 17:02
But why do you need NAT in this case?

Oleg
14-06-2004, 17:10
Once again: you need to set up either a bridge or NAT, not both at the same time.

menulis
14-06-2004, 22:16
Oleg,

I know that it's quite an uncommon situation, but I must have an external IP configured on the router and I want my "house LAN" (192.168.1.x) to be masqueraded to that IP. As I said before, I would also like to reach my "big LAN", which is connected to the WAN port and which is using, say, 10.0.0.x addresses. So my "house LAN" PCs (those connected to the Asus router) are configured with an IP pair, 1.2.3.x and 192.168.1.x, and the Asus router currently has 192.168.1.1 on br0 and an external IP on eth1. Now everything works fine except that I can't reach the "big LAN" directly; that's why I need bridge + NAT. Thus my external IP should obviously move to br0:0, as eth1 would join the bridge.

However complicated my situation may sound, I would like to ask once again if there are any plans to release the upcoming firmware with an ebtables-enabled kernel?

Thanks.

Dziugas
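The setup described in the last post (all three ports in br0, both the private and the external address on br0, house LAN source-NATed to the external IP), written out as an added example that is not from the thread or from the firmware. It also illustrates Oleg's point that an ordinary iptables NAT rule is enough: a house PC that uses 192.168.1.1 as its default gateway addresses the frame to br0's own MAC, so the kernel routes the packet rather than bridging it, and routed packets traverse nat/POSTROUTING even when they leave on br0 again. Interface names (eth0/eth2 as LAN ports, eth1 as WAN port), the 1.2.3.4/24 external address and the 1.2.3.1 upstream gateway are all assumptions; the script assumes brctl, iproute2 and iptables are available. By default it only prints the commands; `sh bridge-nat.sh apply` executes them as root.

```shell
#!/bin/sh
# Added example (not from the thread or the firmware): bridge the LAN ports
# and the WAN port, keep both addresses on br0, and source-NAT the house LAN
# with plain iptables, no ebtables required for the NAT part.
# Assumed names: eth0/eth2 = LAN ports, eth1 = WAN port, house LAN
# 192.168.1.0/24, external address 1.2.3.4/24, upstream gateway 1.2.3.1.
LAN_PORTS="eth0 eth2"
WAN_PORT="eth1"
BR="br0"
HOUSE_NET="192.168.1.0/24"
HOUSE_ADDR="192.168.1.1/24"
EXT_ADDR="1.2.3.4/24"
EXT_GW="1.2.3.1"

# Emit the bridge setup. Adding eth1 to br0 puts the big LAN in the same
# broadcast domain as the house LAN, which is what the poster wants
# (broadcasts from the big LAN reach the house PCs without proxy ARP).
bridge_cmds() {
    echo "brctl addbr $BR"
    for p in $LAN_PORTS $WAN_PORT; do
        echo "ip link set $p up"
        echo "brctl addif $BR $p"
    done
    echo "ip addr add $HOUSE_ADDR dev $BR"
    # The second address is what ifconfig would show as the br0:0 alias.
    echo "ip addr add $EXT_ADDR dev $BR"
    echo "ip link set $BR up"
    echo "ip route add default via $EXT_GW dev $BR"
}

# Emit the NAT rule. Packets from the house LAN whose next hop is the router
# are routed, not bridged, so they pass nat/POSTROUTING on their way back out
# of br0. Source NAT is the SNAT target in POSTROUTING; DNAT belongs in
# PREROUTING and rewrites the destination, which is not what is wanted here.
nat_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $HOUSE_NET -o $BR -j SNAT --to-source ${EXT_ADDR%/*}"
}

setup_cmds() { bridge_cmds; nat_cmds; }

case "${1:-}" in
    apply) setup_cmds | sh -e ;;   # run as root on the router
    *)     setup_cmds ;;           # dry run: just print the commands
esac
```

One caveat a practitioner should keep in mind: once eth1 is a bridge port, frames between the big LAN and the house PCs' 1.2.3.x addresses are switched at layer 2 and never reach the iptables FORWARD chain, so the router stops being a filtering boundary between the two networks. Filtering that bridged traffic needs ebtables, or a kernel with the bridge-netfilter code and bridge-nf-call-iptables enabled; the NAT rule above is unaffected either way, because the traffic it matches is routed.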