Hi,
I am trying to get bridge+nf working but, until now, I couldn't.
The bridge is working fine, but it seems to "ignore" iptables.
I will list what I have done and what my environment is.
I have already read the BRIDGE-STP HOWTO, the documents at
bridge.sourceforge.net (FAQ, Firewalling for Free and the Sparkle article)
and the HOWTO and FIREWALL files in the doc directory of the bridge-utils tree.
Slackware 8.0
kernel 2.4.18 (original tree got from www.kernel.org)
bridge-nf-0.0.7-against-2.4.18.diff (applied without errors/warnings)
(kernel compiled fine and reboot)
bridge-utils-0.9.5.tar.gz (installed at /usr/bin)
iptables 1.2.6a (just make and make install; I didn't apply
pending-patches or anything else)
(recompiled after the kernel recompilation)
networking options -> netfilter options = all options marked
networking options -> bridge/bridge firewall = marked (bridge as a
module)
NET4: Ethernet Bridge 008 for NET4.0 (ok at dmesg)
Bridge firewalling registered (ok at dmesg)
/proc/sys/net/ipv4/ip_forward contains 0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 up
brctl sethello br0 60
I tried:
changing the policy of the FORWARD chain to DROP
(iptables -P FORWARD DROP)
applying a FORWARD rule
(iptables -A FORWARD -j DROP)
and finally I changed the policy of all chains to DROP
(iptables -P INPUT DROP; iptables -P OUTPUT DROP)
iptables -vL shows zero for all counters, including the FORWARD ones.
Well, I think I didn't miss any detail, but it is still not working.
No matter how I configure iptables, the packets keep being
forwarded.
One important notice: brctld is in /usr/bin too, but it's not running.
I mean, after the bridge is working there is no brctld process in ps axf.
Please, could somebody help me find my mistake?
I apologize for my bad English and I would like to say thank you to
the Bridge Team.
Best regards,
Freitas
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
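The message above describes a bridge+nf setup whose symptom is that iptables counters stay at zero while frames are still forwarded. Below is an added check script for that kind of setup; it is not code from the original post, from bridge-utils or from the bridge-nf patch. It assumes the bridge-nf patch exposes the toggles /proc/sys/net/bridge/bridge-nf-call-iptables and bridge-nf-call-arptables (known from later bridge-nf releases and 2.6 kernels; for bridge-nf 0.0.7 on 2.4.18 this is an assumption, and a missing directory is reported as "not enabled"), and that `brctl show` and `iptables -vnxL` produce their usual table output. The parsing functions read from stdin or take a directory argument so they can be exercised on constructed input.

```shell
#!/bin/sh
# Added check script for a 2.4 bridge+nf setup like the one in the post.
# Not code from the original post or from the bridge-utils/bridge-nf projects.
# Assumption: the bridge-nf toggles below exist under /proc/sys/net/bridge
# (true for later bridge-nf releases; unverified for bridge-nf 0.0.7).

# bridge_nf_enabled [DIR]: succeed only if at least one bridge-nf toggle exists
# under DIR (default /proc/sys/net/bridge) and every toggle found reads "1".
# DIR is a parameter so the check can be run against a constructed directory.
bridge_nf_enabled() {
    dir=${1:-/proc/sys/net/bridge}
    found=0
    for f in "$dir/bridge-nf-call-iptables" "$dir/bridge-nf-call-arptables"; do
        [ -r "$f" ] || continue
        found=1
        [ "$(cat "$f")" = "1" ] || return 1
    done
    [ "$found" -eq 1 ]
}

# forward_packets: read `iptables -vnxL` output on stdin and print the total
# packet count seen by the FORWARD chain (policy counter plus every rule).
# Bridged IP traffic that never reaches netfilter leaves this at 0.
forward_packets() {
    awk '
        /^Chain / {
            inchain = ($2 == "FORWARD")
            # "Chain FORWARD (policy DROP 12 packets, 880 bytes)" -> $5 is pkts
            if (inchain && $3 == "(policy") total += $5
            next
        }
        inchain && $1 ~ /^[0-9]+$/ { total += $1 }
        END { printf "%d\n", total + 0 }
    '
}

# bridge_members BRIDGE: read `brctl show` output on stdin and print the
# interfaces enslaved to BRIDGE, one per line. The first interface sits on
# the bridge line itself; further ones are continuation lines holding only
# the interface name.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                                   # column header
        NF >= 3 { cur = $1; if (NF == 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }
    '
}

# Live mode: run the checks against the running system, e.g. ./check.sh --live br0
if [ "${1:-}" = "--live" ]; then
    br=${2:-br0}
    echo "ip_forward: $(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo '?')"
    if bridge_nf_enabled; then
        echo "bridge-nf toggles: enabled"
    else
        echo "bridge-nf toggles: missing or disabled"
    fi
    echo "members of $br: $(brctl show | bridge_members "$br" | tr '\n' ' ')"
    n=$(iptables -vnxL | forward_packets)
    echo "FORWARD packets seen: $n"
    [ "$n" -gt 0 ] || echo "FORWARD chain has seen no traffic yet"
fi
```

Run it with --live on the bridge host after pushing some traffic through the bridge; if the toggles are missing or the FORWARD total stays at zero while the bridge members are correct, the frames are being bridged without passing through netfilter.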