Re: [Bridge] iptables

Thu, 18 Apr 2002 09:07:28 -0700 


On Sun, Apr 14, 2002 at 05:02:03AM +0300, alex wrote:

> Hello!

Hi!


> First, I want to thank the developers of this bridge for
> they're work. It really really helped me.

You're welcome.  Willing to submit a testimonial?


> Now, the problems :-)
> 
> When I only had the bridge with no iptables patch it worked
> flawlessly but I really needed to limit the traffic from one
> interface to another and I installed the bridge firewall.
> 
> I had something like this (perl):
>      system("$ipt -A internet -j internet_dn -d $ip -m limit --limit $viteza_dn/s 
>--limit-burst $burst_dn  -c $i_p $i_b");
>      system("$ipt -A internet -j internet_up -s $ip -m limit --limit $viteza_up/s 
>--limit-burst $burst_up -m mac --mac-source $m mac --mac-source $mac -c $o_p $o_b");
> and it worked.
> 
> After the firewall code, it didn't worked anymore, and after
> 10 hours of trying possibilities I found that mac address was
> a lame fix (and unwanted but neccessary) and I changed the 2nd line in:
>      system("$ipt -A internet -j internet_up -s $ip -m limit --limit $viteza_up/s 
>--limit-burst $burst_up  -c $o_p $o_b");
>   
> Well, it works now, but I can't limit the machine on mac
> address. Somebody would say that I sould use the arp daemon,
> but I only want to limit someone the access to the internet
> not on my machine (I also run samba there).

I'm not totally sure what you mean here.. but can I summarise
this as 'the mac-source match does not work'?


> 2nd problem is that Windows 2000/XP will not enter on a machine
> which is on the other side of the bridge with it's name (like
> \\machine) ... I have to type it's name: \\192.168.1.5

Are you blocking DNS access?  NetBIOS traffic?  Are you running
a Win2k domain in mixed mode?

Either way, this definitely sounds like a configuration problem.


> 3rd is that I have another Inet server on the other side of
> the bridge and I can't use it's masquerading facility. It
> just don't work. The packets arrive at the machine but will
> not return. And this server reports that the packets comes
> from the bridging machine.

This also sounds like a config problem.  Can you provide tcpdumps?


cheers,
Lennert
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge

Reply via email to