Identify traffic coming from which bridge

Identify traffic coming from which bridge

[Ming-Ching Tiew]

Assuming I have a configuration with a few bridges connected to a server.
On the other side of bridge, there are a few clients connected.

Eg  bridge A - client A, B, C
      bridge B - client D, E, F
      ......

When a client X is connected to the server, is there a way for the server to
know client X is connected via which bridge ? 

Regards

Re: Identify traffic coming from which bridge

[Ming-Ching Tiew]

From: Ming-Ching Tiew <mctiew@yahoo.com>
To: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>

> Assuming I have a configuration with a few bridges connected to a server.
> On the other side of bridge, there are a few clients connected.
> 
> Eg  bridge A - client A, B, C
>      bridge B - client D, E, F
>       ......
> 
> When a client X is connected to the server, is there a way for the server to
> know client X is connected via which bridge ? 
>


Is there a command or something, give a mac address of a client, I could determine
if the client is connected to which bridge ? Will turning on spanning tree algorithm or 

something help ?

Appreciate your comments !

Re: Identify traffic coming from which bridge

[kay]

Dear Master Yoda =)

You can try to use "--mac-source" match in iptables, combine iptables
with ipset and get the following rules:

ipset create bridge_a_clients src hash:ip
ipset create bridge_b_clients src hash:ip

iptables -t raw -A PREROUTING  --mac-source "BRIDGE_A_MAC" -j SET
--add-set bridge_a_clients src
iptables -t raw -A PREROUTING  --mac-source "BRIDGE_B_MAC" -j SET
--add-set bridge_b_clients src

To view bridge_a_clients use:
ipset bridge_a_clients list

To view bridge_b_clients use:
ipset bridge_b_clients list

This is not optimal solution, but it should help you.

Regards!

2012/7/26 Ming-Ching Tiew <mctiew@yahoo.com>:
> When a client X is connected to the server, is there a way for the server to
> know client X is connected via which bridge ?

Re: Identify traffic coming from which bridge

[Ming-Ching Tiew]

First of all thank you for your suggestion. 


I did what you suggested, it does not seem to work. 


But perhaps I need to clarify :-

1. The iptables/ipset are to be carried on the the server,
    is that right ?
2. The mac addresses of the bridge - I am testing using
    a linux bridge, are you refering to the br0, eth0 or eth1
    mac address ?

In any case when I tested,  it seems to only identify the 

bridge itself connecting to the server. Anything from the 

clients are not picked up by the iptables/ipset rules.


----- Original Message -----
From: kay <kay.diam@gmail.com>
To: netfilter@vger.kernel.org
Cc: 
Sent: Saturday, July 28, 2012 10:58 AM
Subject: Re: Identify traffic coming from which bridge

Dear Master Yoda =)

You can try to use "--mac-source" match in iptables, combine iptables
with ipset and get the following rules:

ipset create bridge_a_clients src hash:ip
ipset create bridge_b_clients src hash:ip

iptables -t raw -A PREROUTING  --mac-source "BRIDGE_A_MAC" -j SET
--add-set bridge_a_clients src
iptables -t raw -A PREROUTING  --mac-source "BRIDGE_B_MAC" -j SET
--add-set bridge_b_clients src

To view bridge_a_clients use:
ipset bridge_a_clients list

To view bridge_b_clients use:
ipset bridge_b_clients list

This is not optimal solution, but it should help you.

Regards!

2012/7/26 Ming-Ching Tiew <mctiew@yahoo.com>:
> When a client X is connected to the server, is there a way for the server to
> know client X is connected via which bridge ?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html