Hi Everyone!

I'm in trouble with bridge firewalling. If anyone could help me please do
it!

Note: I'm not on the mailing list so please answer me this address (too):
[EMAIL PROTECTED]

I have the following config:
- PC with two SMC 1211 TX card
- 2.4.13 kernel patched by 2.4.13-ac7 and bridge-nf-0.0.3 (newest version as of
now)
- Ether card driver is compiled as a module, called 8139too.o
- netfilter and iptables are enabled of course (on the bridge too)

I tried to set up the bridge as follows:

# ifconfig eth0 up
   (Nov 22 16:14:30 localhost kernel: eth0: Setting 100mbps full-duplex
based on auto-negotiated partner ability 45e1.)
# ifconfig eth1 up
   (Nov 22 16:14:30 localhost kernel: eth1: Setting 100mbps full-duplex
based on auto-negotiated partner ability 45e1.)
# brctl addbr br
# brctl addif br eth0
   (Nov 22 16:15:06 localhost modprobe: modprobe: Can't locate module
net-pf-10
    Nov 22 16:15:06 localhost kernel: eth0: Promiscuous mode enabled.
    Nov 22 16:15:06 localhost kernel: device eth0 entered promiscuous mode)
[If I typed 'ifconfig' at this point I noticed that PROMISC was _NOT_ set on
the interface!!!]
# brctl addif br eth1
   (Nov 22 16:15:06 localhost modprobe: modprobe: Can't locate module
net-pf-10
    Nov 22 16:15:06 localhost kernel: eth1: Promiscuous mode enabled.
    Nov 22 16:15:06 localhost kernel: device eth1 entered promiscuous mode)
[This iface did not go to PROMISC mode either]
[At this point I set both ifaces to promiscuous mode by hand]
# ifconfig eth0 promisc
   (Nov 22 16:17:01 localhost kernel: eth0: Promiscuous mode enabled.)
# ifconfig eth1 promisc
   (Nov 22 16:17:01 localhost kernel: eth1: Promiscuous mode enabled.)
[Both ifaces went to PROMISC correctly]
# ifconfig br up
   (Nov 22 16:17:55 localhost kernel: br: port 2(eth1) entering listening
state
    Nov 22 16:17:55 localhost kernel: br: port 1(eth0) entering listening
state
    Nov 22 16:18:10 localhost kernel: br: port 2(eth1) entering learning
state
    Nov 22 16:18:10 localhost kernel: br: port 1(eth0) entering learning
state
    Nov 22 16:18:25 localhost kernel: br: port 2(eth1) entering forwarding
state
    Nov 22 16:18:25 localhost kernel: br: topology change detected, sending
tcn bpdu
    Nov 22 16:18:25 localhost kernel: br: port 1(eth0) entering forwarding
state
    Nov 22 16:18:25 localhost kernel: br: topology change detected)
[Bridge worked fine at this point! E.g. ping received responses.]
# iptables -N br
# iptables -A br -p icmp -j DROP

MAIN PROBLEM: After the above, ping received responses anyway!!
I tried to set other matches but none of them blocked any packets.
I've noticed the 'missing net-pf-10' log line but I don't know what it is.
I'm sure packet filtering was enabled at compilation.
Everything is compiled into the kernel except the net driver module.

Does anyone know what I did wrong?
Thanx for help!
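
The ruleset shown in the post creates a user-defined chain `br` and appends a DROP rule to it, but no rule in a built-in chain (INPUT, FORWARD or OUTPUT) jumps to `br`, and iptables only traverses a user-defined chain when some rule jumps to it. The script below is an added example, not part of the original message or of the bridge/bridge-nf project; it parses `iptables-save` style text and reports user-defined chains that nothing references, so a filtering ruleset that silently does nothing can be spotted before relying on it. The rulesets embedded in it are constructed to mirror the post: the first has an orphaned `br` chain, the second jumps to `br` from FORWARD, which is the chain bridge-nf sends bridged IP packets through.

```shell
#!/bin/sh
# Added example (not from the original post): detect user-defined iptables
# chains that no rule ever jumps to. Rules in such a chain are never
# evaluated, so the "filter" they describe is not applied at all.

# Constructed ruleset in iptables-save format, mirroring the post:
# chain "br" exists and holds a DROP rule, but nothing jumps to it.
CONSTRUCTED_RULES_ORPHAN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:br - [0:0]
-A br -p icmp -j DROP
COMMIT'

# Constructed corrected ruleset: FORWARD (the chain bridged IP packets
# traverse under bridge-nf) hands every packet to the "br" chain.
CONSTRUCTED_RULES_FIXED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:br - [0:0]
-A FORWARD -j br
-A br -p icmp -j DROP
COMMIT'

# Print the names of user-defined chains (declared with policy "-") in the
# given iptables-save text that are never the target of a -j or -g option.
unreferenced_chains() {
    rules="$1"
    printf '%s\n' "$rules" | awk '
        # ":name - [pkts:bytes]" declares a user-defined chain
        /^:/ && $2 == "-" { sub(/^:/, "", $1); chains[$1] = 1 }
        # remember every jump (-j) and goto (-g) target of every rule
        /^-A / {
            for (i = 1; i <= NF; i++)
                if ($i == "-j" || $i == "-g") targets[$(i + 1)] = 1
        }
        END {
            for (c in chains)
                if (!(c in targets)) print c
        }'
}

# Same check against the live ruleset (needs root and iptables-save).
unreferenced_live_chains() {
    unreferenced_chains "$(iptables-save)"
}

echo "orphaned chains in the constructed ruleset:"
unreferenced_chains "$CONSTRUCTED_RULES_ORPHAN"   # prints: br
echo "orphaned chains after adding the FORWARD jump:"
unreferenced_chains "$CONSTRUCTED_RULES_FIXED"    # prints nothing
```

Run it on a real box with `unreferenced_live_chains` as root; any chain it prints holds rules that no packet has ever seen. Note that the check only proves a chain is reachable, not that packets actually take that path: on a bridge without bridge-nf, bridged frames never enter the IP FORWARD chain at all, so the ruleset also has to sit in the chain the bridge code really uses.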

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
