Hello
I have started to play a little with br-nf and I made a setup like this:
            +---------------+
            |    I S P      |
            | gw: 10.1.2.1  |
            +---------------+
                    |
                    |
  +--eth0------------------------+
  |                              |
  |    Linux firewall/bridge     |
  |                              |
  +---------------------eth1-----+
                    |
                    |
  +------------------------------+
  |           Netgear            |
  |           switch             |
  +------------------------------+
          |                  |
          |                  |
+-----------------+  +-----------------+
|   computer 1    |  |   computer 2    |
| DHCP: 10.1.2.10 |  | DHCP: 10.1.2.11 |
+-----------------+  +-----------------+
My ISP gives me the network settings with DHCP to both computers.
I set up the bridge with:
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up promisc
ifconfig eth0 up promisc
ifconfig eth1 up promisc
and to get a little protection:
iptables -A FORWARD -p udp -i eth0 --destination-port 135:139 -j REJECT
iptables -A FORWARD -p tcp -i eth0 --destination-port 135:139 -j REJECT
iptables -A FORWARD -p tcp -i eth0 --destination-port 445 -j REJECT
iptables -A FORWARD -p tcp -i eth0 --destination-port 25 -j REJECT
I have a mailserver on Computer 2 which I don't want to be reachable from the internet,
but I want to use it from Computer 1.
The problem arises when I try to connect to the mailserver from Computer 1: sometimes
the packets from Computer 1 to Computer 2:25 get rejected, and sometimes I can connect
just fine. Why is that?
Shouldn't my rule for blocking port 25 only get triggered when a packet for port 25
comes in on eth0?
I got around the problem by adding a rule like this:
iptables -A FORWARD -p tcp -s 10.1.2.10 --destination-port 25 -j ACCEPT
But then I have to rewrite this rule every time the IP for Computer 1 changes, which I
don't want to do :)
I find it a little strange that the packets get rejected by the bridge, because shouldn't
the packets just travel through my switch from Computer 1 to Computer 2?
/Kalle
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
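The following is an added example, not part of Kalle's post or of the bridge project's own code: a small sh script that builds the same eth0/eth1/br0 bridge and installs the same port filters, but selects the bridge port with iptables' physdev match rather than with -i, and lets everything that arrives on the LAN port (eth1) through before any port-25 rule is consulted, so no DHCP-assigned address of Computer 1 has to be hard-coded. It assumes a kernel with br-nf and the iptables physdev match available; the interface names and the br0 bridge name are taken from the post, and the IPT/WAN/LAN variables are this example's own. Nothing is executed at the top level; run it with `apply` as root to set up the bridge and rules, or set IPT=echo to preview the rules.

```shell
#!/bin/sh
# Added example (not from the original post): bridge firewall with physdev.
# Assumes br-nf and the iptables physdev match are present in the kernel.
IPT="${IPT:-iptables}"   # set IPT=echo to dry-run the ruleset
WAN="${WAN:-eth0}"       # port towards the ISP (from the post)
LAN="${LAN:-eth1}"       # port towards the Netgear switch (from the post)
BR="${BR:-br0}"

# Same bridge as in the post, with ifconfig's "promisc" replaced by ip(8).
setup_bridge() {
  brctl addbr "$BR"
  brctl addif "$BR" "$WAN"
  brctl addif "$BR" "$LAN"
  ip link set dev "$WAN" up promisc on
  ip link set dev "$LAN" up promisc on
  ip link set dev "$BR" up
}

# Bridged frames pass through FORWARD with -i/-o set to the bridge itself,
# so the physical ingress port must be selected with -m physdev.
bridge_rules() {
  # Anything entering from the LAN side is accepted first, so a frame the
  # switch floods into eth1 (e.g. Computer 1 -> Computer 2:25) never reaches
  # the internet-side filters and no LAN IP address has to be pinned.
  $IPT -A FORWARD -m physdev --physdev-in "$LAN" -j ACCEPT
  # Filters for traffic arriving from the ISP side. DROP is used instead of
  # the post's REJECT so the box does not answer with RST/ICMP on the WAN.
  $IPT -A FORWARD -m physdev --physdev-in "$WAN" -p udp --dport 135:139 -j DROP
  $IPT -A FORWARD -m physdev --physdev-in "$WAN" -p tcp --dport 135:139 -j DROP
  $IPT -A FORWARD -m physdev --physdev-in "$WAN" -p tcp --dport 445 -j DROP
  $IPT -A FORWARD -m physdev --physdev-in "$WAN" -p tcp --dport 25 -j DROP
}

# Number of rules the ruleset installs; handy for a quick sanity check.
rule_count() {
  IPT=echo bridge_rules | wc -l | tr -d ' '
}

case "${1:-}" in
  apply)
    setup_bridge
    $IPT -F FORWARD
    bridge_rules
    ;;
esac
```

Because `-m physdev --physdev-in eth1 -j ACCEPT` is the first FORWARD rule, the LAN-to-LAN case that occasionally shows up on the bridge when the switch floods a frame is accepted regardless of which address DHCP handed out, while SMTP, NetBIOS and SMB are still dropped for anything that physically entered on eth0.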