----- Original Message -----
From: "Mark S." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 18, 2002 7:58 PM
Subject: Re: [Bridge] iptable RULES don't work. why?


> My bridge machine consists of:
>
> Dual PentiumIII 850mhz
> 2gb RAM
> Linux 2.4.18 + bridge-nf-0.0.6-against-2.4.18.diff
> eth0 3com 9* series PCI
> eth1 Intel Ethernet Pro 100
> eth2 Intel Ethernet Pro 100

OK.

> I have netfilter enabled, bridging enabled, and bridge firewalling enabled
> in the kernel.  eth1 and eth2 are set up for bridging.  Packets traverse
> through the bridge, without any problems.  However, I cannot filter them.
> Any IPTABLE rule I set only blocks for eth0, and prevents my sniffer
> (tcpdump) from seeing the packets going through the bridge -- but, the
> traffic passes through without any problem still.
>
> I have followed the HOWTO verbatim, and I have had no luck.  I have tried
> various alternative configurations, including trying the 2.2.20 kernel +
> ipchains for bridging/filtering, which also did nothing.  I don't know
> what else I need to do to troubleshoot this matter.  If anyone can help,
> or needs more information on my configuration than I have provided here
> before helping me, please let me know what those things are.

How can you think that this general information is of any use without
details?

> I apologize for reposting my question(s) on the matter to the list.  I've
> been receiving a lot of replies, off list, along the lines of "RTFM",
> which aren't constructive in the least -- I have read the documentation
> and tried everything to no avail, and I could really use some help here
> now.

First you post a huge message. Three hours later (not _that_ long) you post
you solved it. If you are stuck and feel like asking for help, it's usually very
good not to do this and think everything over again.
In that mail you only talk about the INPUT chain to block an IP completely.
This triggers a RTFM in anyone's mind who knows something about iptables.
Some people are so kind to let you know this ;), some choose to not do this.
But everybody thinks it. So, for your own good, read the manual before even
thinking about asking. Then, on the 18th, another post. This time very short
and totally useless, I quote:

"if I block all traffic from 1.1.1.1 to 1.1.1.2 (which, of course, passes
through the bridge), the packets are still passed through"

Euh, say what?

Next, this message, again without information for us to know what you are
doing wrong.
Saying "trying the 2.2.20 kernel + ipchains for bridging/filtering, which
also did nothing" lets us know you are doing something wrong, that's it.

cheers,
Bart

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
