I use a package called VMware. VMware has its own bridging solution which does work, but I want to configure my own bridge so that I can filter packets prior to them touching the virtual interface.
I have configured the bridge in the past successfully between two real interfaces. I have never configured packet filtering or a firewall on a bridge.
This is a 2.4.9 kernel without any kernel patches; do I need any?
My script:
/sbin/brctl addbr br0
/sbin/brctl addif br0 eth0
/sbin/brctl addif br0 vmnet1
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig vmnet1 128.210.101.246 # VMware required me to give it a real IP; 0.0.0.0 would not work?
/sbin/route del -net 128.210.101.0 netmask 255.255.255.0 dev vmnet1 # don't want the route added for this interface
/sbin/ifconfig br0 128.210.101.245 netmask 255.255.255.0 broadcast 128.210.101.255 up
/sbin/route add -net default gw 128.210.101.1
All seems to work fine. I have fully bridged connectivity to and from the virtual interface, and all vmware instances running on it.
Now to the firewalling part:
I am still using IPChains - my script is too long to easily convert to iptables.
Using just a basic IPChains script to block everything:
/sbin/ipchains -F
/sbin/ipchains -P input DENY
/sbin/ipchains -P output REJECT
/sbin/ipchains -P forward REJECT
This stops all traffic to and from br0 (128.210.101.245) and vmnet1 (128.210.101.246), but not to a virtual computer running within VMware with IP 128.210.101.247.
So to recap: I have the bridge working but not the firewalling behind the bridge. Do I need to use iptables instead of ipchains? Do I need a kernel patch?
Thank you for your time in advance!
