Hi I have the same problem. I found that if I do tcpdump on the component interfaces, it sees the traffic. I assume that this is caused by the patch making the packets appear from the component devices rather than the bridge (ie, you use iptable rules based on eth0 and eth1, not br0).
This doesn't solve my problem, because I want to use nmap. When I just run it it uses br0 and doesn't see the packets. And nmap is unhappy when I tell it to use eth0 instead of br0, because there is no configured ip address for that interface (and specifically telling nmap an address to use doesn't work, with it complaining when it tries to figure out the netmask). I wonder if it would be possible to make the traffic appear BOTH when you capture on eth0 AND br0. Leif -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Watson Sent: Friday, October 26, 2001 1:11 PM To: [EMAIL PROTECTED] Subject: [Bridge] Packet Capture Problems I have a bridge using kernel 2.4.12 with the 20010709-2 bridge patches; the bridge code is built as a module. The bridging and netfilter both work fine, but packet capture doesn't work right when the br_passthrough module is loaded. Running tcpdump on the bridge interface (br0) only reports broadcast traffic and traffic from (but not to) the bridge (IP address on br0). Without the br_passthrough module loaded, tcpdump shows all of the traffic crossing the bridge. The difference can be observed by using insmod/rmmod br_passthrough. I assume that this is a bug rather than a feature because it changes the expected behavior bridge interface. This is especially a problem because there is no way to capture packets on the individual interfaces in the bridge. _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
