Marcel Weber wrote:
> My idea was now, to put a linux box as a bridge between them and to filter
> out any IP traffic that is not of interest for the small location. They're
> primarily working with citrix terminal server.
Good idea.
> So I put up a debian woody box. The bridging thing was easy though, except
> that I cannot filter IP traffic with IPTables. The ethernet packets go
> directly from one interface to another. I tried to apply the patches
> mentioned in this list (bridge-nf-2001.xxxx and the rest of it) but I cannot
> compile the kernel. And furthermore I read somewhere in the forum that this
> code is already part of the 2.4.9 kernel. Well, ahem, I have to say, as I'm
> new to this, quite confusing.
Bridging and netfilter integration is currently being developed. Parts of it
have been integrated into the 2.4.9 kernel, parts are still under development.
In all versions, for filtering to work you need to load the kernel module
br_passthrough ("modprobe br_passthrough" should do).
I haven't looked into how well the unpatched 2.4.9 bridge integrates with
netfilter, but I do use the 20010902-2 patch with great success for NAT (apart
from some minor issues which are not yet a problem for me).
> Could anybody explain to me how this stuff works step by step? I think I'm
> not the only one having problems (If I am, well...)
You need a kernel compiled with
a) Bridging
b) Bridge netfilter integration
c) netfilter
d) the netfilter modules you want to use
plus the brctl and iptables tools you already have.
Then run
modprobe br_passthrough
to enable the bridge filter
and set up your iptables ruleset, configure the bridge interface and so on.
--
Henrik Nordstrom
MARA Systems AB
Sweden
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
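
The steps listed in the reply above, written out as an added example that is not part of the original mail or the bridge project's own code. The interface names (eth0, eth1), the bridge name br0, the Citrix ICA port (TCP 1494) and the default-drop FORWARD policy are assumptions; only `modprobe br_passthrough`, `brctl` and `iptables` come from the thread.

```shell
#!/bin/sh
# Added example: a filtering bridge that forwards only Citrix ICA sessions.
# Assumed values (not from the mail): port names, bridge name, ICA port.
LAN_IF="${LAN_IF:-eth0}"      # assumed: port facing the small location
WAN_IF="${WAN_IF:-eth1}"      # assumed: port facing the main site
BRIDGE="${BRIDGE:-br0}"       # assumed bridge name
ICA_PORT="${ICA_PORT:-1494}"  # assumed: Citrix ICA on its usual TCP port

# Print the command sequence in the order the reply gives it:
# load the bridge filter module, build the bridge, then load the ruleset.
bridge_fw_plan() {
    cat <<EOF
modprobe br_passthrough
brctl addbr $BRIDGE
brctl addif $BRIDGE $LAN_IF
brctl addif $BRIDGE $WAN_IF
ifconfig $LAN_IF 0.0.0.0 up
ifconfig $WAN_IF 0.0.0.0 up
ifconfig $BRIDGE up
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport $ICA_PORT -m state --state NEW -j ACCEPT
EOF
}

# Bridged IP packets are filtered in the FORWARD chain, so the default-drop
# policy there blocks everything except new ICA sessions and their replies.
# The state match assumes connection tracking sees bridged packets on the
# patched kernel (assumption; the reply reports NAT working with the patch).

# Dry run by default; set APPLY_BRIDGE_FW=1 (as root) to execute the plan.
# "sh -ex" echoes each command and stops at the first failure.
if [ "${APPLY_BRIDGE_FW:-0}" = 1 ]; then
    bridge_fw_plan | sh -ex
else
    bridge_fw_plan
fi
```

Run it once without `APPLY_BRIDGE_FW` to review the generated commands before applying them on the bridge box.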