From: Felipe W Damasio <felipewd@gmail.com>
To: netfilter@vger.kernel.org
Cc: Bruno Gustavo Wallauer <brunogw@gmail.com>
Subject: Re: ebtables broute DROP problem in production environment
Date: Thu, 24 Dec 2009 11:13:16 -0200
Message-ID: <8a87046f0912240513m4c3cd0f2u565ef8e8b849f58@mail.gmail.com>
In-Reply-To: <8a87046f0912231022g438141afpfaa647ac0d01cdda@mail.gmail.com>
Hi,
2009/12/23 Felipe W Damasio <felipewd@gmail.com>:
> But when I plug eth0 on the production environment network (which
> uses multiple VLANs, one for the users and another for the internet),
> http traffic stops working (ie. doesn't get routed to squid).
One other thing: I tried using --log-level debug --log-ip --log-arp
on the ebtables rules, and had several entries on my syslog such as
this:
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP
SRC=189.10.205.122 IP DST=189.73.192.220, IP tos=0x00, IP proto=6
SPT=3774 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP
SRC=189.10.204.12 IP DST=64.233.163.86, IP tos=0x00, IP proto=6
SPT=1260 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 00:21:a0:ce:9d:24 MAC dest = 00:1d:71:b0:23:11 proto = 0x0800 IP
SRC=189.58.246.156 IP DST=72.21.81.133, IP tos=0x00, IP proto=6
SPT=2253 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 00:21:a0:ce:9d:24 MAC dest = 00:1d:71:b0:23:11 proto = 0x0800 IP
SRC=189.58.247.99 IP DST=69.175.26.18, IP tos=0x00, IP proto=6
SPT=49392 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 00:21:a0:ce:9d:24 MAC dest = 00:1a:a2:5d:70:8d proto = 0x0800 IP
SRC=201.66.236.140 IP DST=174.140.128.6, IP tos=0x00, IP proto=6
SPT=2060 DPT=80
I suppose it means that the ebtables rules are working. But why
aren't they seen by the iptables rules?
Again, I tried using a single cross-cable connected machine and
these rules worked (and got logged just like the above).
Could this be a kernel bug?
Cheers,
Felipe Damasio
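
An added example, not part of the original message: a small Python parser for ebtables log entries in the wrapped form quoted above. It rejoins the continuation lines and counts logged frames per ingress interface, destination MAC and TCP destination port. The field layout is taken from the log lines in this message; the sample addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the same wrapped layout as the syslog excerpt above.
# MAC and IP addresses are made-up documentation values, not from the thread.
SAMPLE = """\
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 02:00:00:00:00:01 MAC dest = 02:00:00:00:00:aa proto = 0x0800 IP
SRC=192.0.2.10 IP DST=198.51.100.7, IP tos=0x00, IP proto=6
SPT=3774 DPT=80
Dec 23 19:24:47 hyper kernel: ebtables-broute IN=eth0 OUT= MAC source
= 02:00:00:00:00:01 MAC dest = 02:00:00:00:00:bb proto = 0x0800 IP
SRC=192.0.2.11 IP DST=203.0.113.9, IP tos=0x00, IP proto=6
SPT=1260 DPT=80
"""

# A new entry starts with a syslog timestamp, host name and "kernel: ".
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ kernel: ")
# Field layout as it appears in the entries quoted in the message.
FIELDS = re.compile(
    r"kernel: (?P<prefix>\S+) IN=(?P<in>\S*) OUT=(?P<out>\S*) "
    r"MAC source = (?P<mac_src>[0-9a-fA-F:]{17}) "
    r"MAC dest = (?P<mac_dst>[0-9a-fA-F:]{17}) "
    r"proto = (?P<ethertype>0x[0-9a-fA-F]{4}) "
    r"IP SRC=(?P<ip_src>[\d.]+) IP DST=(?P<ip_dst>[\d.]+), "
    r"IP tos=(?P<tos>0x[0-9a-fA-F]{2}), IP proto=(?P<ip_proto>\d+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def reassemble(text):
    """Join wrapped continuation lines back into one string per syslog entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse(text):
    """Return one dict of named fields per entry that matches the layout."""
    return [m.groupdict() for m in map(FIELDS.search, reassemble(text)) if m]

def summarize(records):
    """Count frames per (ingress interface, destination MAC, TCP dport)."""
    return Counter((r["in"], r["mac_dst"], int(r["dpt"])) for r in records)

if __name__ == "__main__":
    for key, count in summarize(parse(SAMPLE)).items():
        print(count, *key)
```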