Re: [Bridge] Make 2.4.7 bridge-netfilter work

Thu, 30 Aug 2001 11:15:38 -0700 

On Wed, 29 Aug 2001, Bart De Schuymer wrote:

> No, it's not you :-)
> Didn't work with me either. You have to manually update the source files:
.
. (snip)
.
> I don't know why the patch doesn't work (and don't really care), but if you
> do the obvious deletes and adds it should be ok.
> As Lennert stated in that mail the patch will probably be in one of the
> coming new kernel releases, so soon this won't be necessary anymore...
>

Duhh!! Figured out the problem on my end.  Patch was saved as html and
the were funny html escape sequences around characters html thinks of as
special.

I've got my kernel built.  The bridge is bridging.  But packets are
getting past my filters.  To simplify things I got rid of all my user
defined chains and rules.  Set the policy for INPUT, OUTPUT, and FORWARD
to DROP.  But I can still ping thru the bridge.

Think all the right modules are loaded:

/lib/modules/2.4.7/kernel/net/bridge/bridge.o
/lib/modules/2.4.7/kernel/net/bridge/netfilter/br_passthrough.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ip_conntrack.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ip_nat_ftp.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ip_tables.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipchains.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipfwadm.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_LOG.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_MARK.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_REDIRECT.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_REJECT.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_TCPMSS.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_TOS.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_limit.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_mac.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_mark.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_multiport.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_state.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_tcpmss.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/ipt_tos.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.7/kernel/net/ipv4/netfilter/iptable_nat.o

I did have to assign an ip number to br0 to get the bridge to
work.  And I did have to add some iptables rules to be able to
ssh to the firewall via the br0 interface.  So we have an odd
mix of things that are and are not working.

Is there some incantantion I am missing to get the rest working?


_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge

Reply via email to