Well, I'm embarrassed to say that the packets have been going out all along.
I neglected to open the port on my receiving computer. B( They don't appear
to be traversing any of the ebtables chains that they should be, though.
I have logging rules on the FORWARD, OUTPUT, POSTROUTING, and nat OUTPUT
chains, and the packets do not appear on any of them, even though they are
definitely going out. From what you and Lennert have said, they should be
traversing the FORWARD chain on my original setup, and the OUTPUT chain after
applying that patch (and of course the POSTROUTING chain in both instances).
Just to be certain, I turned all policies to DROP in ebtables (on all six
chains), flushed all chains, and then watched several packets successfully
leave the NIC and arrive at the log server (this is after Bart's patch was
applied, but it looks like this was true before the patch as well). So, at
least my problem is solved. Props to Bart and Lennert, thanks for all your
help.
Eric
--- Bart De Schuymer <[EMAIL PROTECTED]> wrote:
>
> ----- Original Message -----
> From: "Eric Low" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, March 01, 2002 8:15 PM
> Subject: [Bridge] locally generated packets lost after output chain
>
>
> > Hi, I am trying to set up my firewall/bridge/ebtables box for remote logging,
> > but the packets seem to be lost after the iptables OUTPUT chain. Syslog is
> > generating those packets and trying to send them via SSH on udp port 514. They
> > appear in the iptables OUTPUT chain just fine, with correct source
> > (198.122.47.17, on eth0) and destination addresses (198.122.47.20). I have
> > also added a logging rule to ebtables:
> > ebtables -A OUTPUT -p IPV4 --ip-source 198.122.47.17 --ip-destination 198.122.47.20 -j LOG --log-level 0
> > If I'm thinking about this correctly, the packet should leave the iptables
> > OUTPUT chain and then traverse the ebtables OUTPUT chain before being sent
> > out the NIC. However, the above logging rule shows nothing, and none of the
> > packets ever leave the box.
>
> Try this patch and plz say if it solves it. I posted it some time ago
> (January 15th), but Lennert ignored/missed it.
>
> http://users.pandora.be/bart.de.schuymer/bridge-nf/bridge-nf-vs-0.0.6-OUTPUT.diff
>
> If your packets are routed then the bridge-nf patch will make the packets go
> through the ebtables FORWARD chain instead of the ebtables OUTPUT chain
> (without this patch). I don't like it...
> So my guess is your packets are dropped by a rule in the ebtables FORWARD
> chain.
>
> cheers,
> Bart
>