Hi
I read a lot of stuff in this list and other documentation about bridging
and netfilter. The thing is the following: I have to put up a netfilter for
my company. There is a small location directly attached to the LAN via a 128
kBit ISDN link. The problem we experience is that, as this location is on the
same netmask, a lot of chatty network stuff goes over this link that
shouldn't. The worst thing is Norton Ghost, which closes the link
completely...
My idea now was to put a Linux box as a bridge between them and to filter
out any IP traffic that is not of interest for the small location. They're
primarily working with Citrix terminal server.
So I put up a Debian woody box. The bridging thing was easy though, except
that I cannot filter IP traffic with iptables. The Ethernet packets go
directly from one interface to another. I tried to apply the patches
mentioned in this list (bridge-nf-2001.xxxx and the rest of it) but I cannot
compile the kernel. And furthermore I read somewhere in the forum that this
code is already part of the 2.4.9 kernel. Well, ahem, I have to say, as I'm
new to this, quite confusing.
Could anybody explain to me how this stuff works step by step? I think I'm
not the only one having problems (If I am, well...)
I do the following things (on a Pentium 120 box with two RTL 8139A
controllers, Debian woody with kernel 2.4.9):
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0   # dunno why, but I read this somewhere
ifconfig eth1 0.0.0.0
Then I'm starting the br0 device using DHCP (actually not this way, but I
put br0 as a normal interface into /etc/network/interfaces with an iface br0
DHCP line)
dhclient br0
ifup br0
I get an IP address and I can connect to the box, etc.
Using iptables I have only an INPUT, FORWARD, and OUTPUT chain. Applying
rules to them affects only the box itself but not the bridged packets. So
here I'm stuck: How can I apply rules to the bridged stuff? Say for example I
want to block all traffic on port 137 from being bridged?
I would be glad if someone could help me.
Marcel
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
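
The setup described in the post, with filtering of bridged traffic, as an added example that is not part of the original message or of the bridge project's code. It assumes a kernel with bridge-netfilter (the bridge-nf patch on 2.4, or the br_netfilter module on current kernels); the names run, bridge_setup, bridge_filter, APPLY, MEMBERS and BLOCKED are hypothetical, and the script only prints its commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. Dry-run by default: every command
# is printed; run as root with APPLY=1 to execute them.
# Assumption: the kernel passes bridged IP packets to iptables (bridge-nf patch
# on 2.4; on current kernels load br_netfilter and make sure
# net.bridge.bridge-nf-call-iptables is 1).

BRIDGE=${BRIDGE:-br0}
MEMBERS=${MEMBERS:-"eth0 eth1"}   # bridge member interfaces, as in the post
BLOCKED=${BLOCKED:-"137"}         # destination ports that must not cross the bridge

run() {
    # Execute the command when APPLY=1, otherwise just print it.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

bridge_setup() {
    run brctl addbr "$BRIDGE"
    for ifc in $MEMBERS; do
        run brctl addif "$BRIDGE" "$ifc"   # the bridge name comes first
        run ifconfig "$ifc" 0.0.0.0 up     # members carry no IP address of their own
    done
}

bridge_filter() {
    # With bridge-netfilter, bridged IP packets traverse the FORWARD chain.
    # INPUT and OUTPUT only see traffic addressed to or sent by the box itself,
    # so rules there never touch frames passing between eth0 and eth1.
    for port in $BLOCKED; do
        for proto in udp tcp; do
            run iptables -A FORWARD -p "$proto" --dport "$port" -j DROP
        done
    done
    # Non-IP frames (ARP, for example) never reach iptables.
}

# Print the plan (or apply it when APPLY=1).
bridge_setup
bridge_filter
```

Without bridge-netfilter in the kernel the FORWARD rules load without error but never match bridged frames, which is the behaviour the post describes.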