[Bridge] problem bridging

[Bridge] problem bridging

[Omar Armas]

[-- Attachment #1: Type: text/plain, Size: 652 bytes --]

Hi, I did a bridge with kernel 2.4.34 and two intel e1000 network cards.

I setup the bridge with:

     /usr/sbin/brctl addbr br0
     /usr/sbin/brctl addif br0 eth0
     /usr/sbin/brctl addif br0 eth1
     /sbin/ifconfig eth0 0.0.0.0 promisc
     /sbin/ifconfig eth1 0.0.0.0 promisc
     /sbin/ifconfig br0 up

My configuration is:

router
|
Bridge
|
LAN


but my problem is that it always passes all traffic, no matter if I  
set FOWARD iptables chain to DROP:
iptables -P FORWARD DROP

When I do this the all traffic and protocols continue passing.
Any idea why?


Omar Armas
Oficina: +52 55 56044655
Movil: 04455 1867 8953
oarmas@mpsnet.net.mx




[-- Attachment #2: Type: text/html, Size: 2448 bytes --]

Re: [Bridge] problem bridging

[Stephen Hemminger]

On Wed, 24 Jan 2007 14:19:14 -0600
Omar Armas <oarmas@mpsnet.net.mx> wrote:

> Hi, I did a bridge with kernel 2.4.34 and two intel e1000 network cards.
> 
> I setup the bridge with:
> 
>      /usr/sbin/brctl addbr br0
>      /usr/sbin/brctl addif br0 eth0
>      /usr/sbin/brctl addif br0 eth1

>      /sbin/ifconfig eth0 0.0.0.0 promisc
>      /sbin/ifconfig eth1 0.0.0.0 promisc

These two are unnecessary the bridge does it itself.

>      /sbin/ifconfig br0 up
> 
> My configuration is:
> 
> router
> |
> Bridge
> |
> LAN
> 
> 
> but my problem is that it always passes all traffic, no matter if I  
> set FOWARD iptables chain to DROP:
> iptables -P FORWARD DROP

iptables FORWARD rules apply to routing not bridging

See:
	http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section6


> When I do this the all traffic and protocols continue passing.
> Any idea why?
> 
> 


-- 
Stephen Hemminger <shemminger@linux-foundation.org>

Re: [Bridge] problem bridging

[Omar Armas]

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

>
> iptables FORWARD rules apply to routing not bridging
>
> See:
> 	http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section6


I recompiled with kernel 2.6.19, included ebtables modules and now it  
is working, I can filter with iptables and the FORWARD chain.
I just want to confirm, was that the correct way to do it? Would have  
it worked if I had patched 2.4 with ebtables?


Omar Armas
Oficina: +52 55 56044655
Movil: 04455 1867 8953
oarmas@mpsnet.net.mx




[-- Attachment #2: Type: text/html, Size: 2623 bytes --]

Re: [Bridge] problem bridging

[Stephen Hemminger]

On Thu, 25 Jan 2007 13:08:23 -0600
Omar Armas <oarmas@mpsnet.net.mx> wrote:

> >
> > iptables FORWARD rules apply to routing not bridging
> >
> > See:
> > 	http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section6
> 
> 
> I recompiled with kernel 2.6.19, included ebtables modules and now it  
> is working, I can filter with iptables and the FORWARD chain.
> I just want to confirm, was that the correct way to do it? Would have  
> it worked if I had patched 2.4 with ebtables?
> 

Yes. if you don't have ebtables then the bridge does no filtering
> 


-- 
Stephen Hemminger <shemminger@linux-foundation.org>