broute:
broute is used to make a brouter, it. has one built-in chain: BROUTING. The targets DROP. and ACCEPT have a special meaning in the broute table (these names are used instead of more descriptive n.ames to keep the implementation generic). DROP actually means the frame h.as to be routed, while ACCEPT means t.he frame ha.s to be bridg.ed. The BROUT.ING chain is traversed very early. However, it is only traversed by frames entering on a bridge port that is in forwarding state. N.ormally those frames would be. bridge.d, but you can .decide otherwise here. The redirect target is very handy. here..
redirect
The redirec.t target will change the MAC target address to that of the bridge device. the frame arrived on. This target can o.nly be used in the BROUTI.NG chain of the broute table and the PREROUTING chain of the nat table. In .the BROUTING chain, the MAC address of the bri.dge port is used as dest.ination address, in the PREROUTING chain, the. MAC address of the bridge is used. .
两块网.卡使用brctl做了个桥,然后:外贸
ebtables -t broute -A BROU.TING -p IPv4 --ip-dst 192.168.1.1 --ip-proto --ip-dp.ort 21 -j redirec.t学习
ebtabl.es -t broute -A BROUTING -p IPv4 --ip-src 1.92.168.1.1 --ip-proto --ip-sport 2.1 -j redirect[成人用品]
中文文档很少,即便有,讲的也不.细,英文文档看了半天也不大明白,请熟悉ebtables的哥.们指点一下,谢谢。.
