Hi, I am trying to set up my firewall/bridge/ebtables box for remote logging,
but the packets seem to be lost after the iptables OUTPUT chain.  Syslog is
generating those packets and trying to send them via SSH on udp port 514.  They
appear in the iptables OUTPUT chain just fine, with correct source
(198.122.47.17, on eth0) and destination addresses (198.122.47.20).  I have
also added a logging rule to ebtables:
     ebtables -A OUTPUT -p IPV4 --ip-source 198.122.47.17 --ip-destination 198.122.47.20 -j LOG --log-level 0
If I'm thinking about this correctly, the packet should leave the iptables
OUTPUT chain and then traverse the ebtables OUTPUT chain before being sent
out the NIC.  However, the above logging rule shows nothing, and none of the
packets ever leave the box.

To ensure that it knows where to find the logserver, I have added a route:
     ip route add 198.122.47.20 dev eth0.
In addition, I have set up a static ARP entry,
     ip neigh add 198.122.47.20 lladdr 00:08:C7:4A:08:52 dev eth0,
where that MAC address is of course that of the log server.  Also, ip
forwarding is enabled in /proc/sys/net/ipv4/ip_forward (I also enabled it in
/etc/sysctl.conf and /etc/sysconfig/network just to be sure).

I have kernel 2.4.17, stock iptables, bridge-utils 0.9.5 and corresponding
patch, ebtables 1.02 and kernel patch.  All of that works perfectly.

This problem seems somewhat related to my DNAT'ing problem from a few weeks
back, but that's a whole 'nother can of worms.  Any help would be appreciated.

Thanks,
Eric

_______________________________________________
Bridge mailing list
http://www.math.leidenuniv.nl/mailman/listinfo/bridge