thanks for your fast reply Bart :)

>> Hello
>>
>> I have started to play a little with br-nf and I made a setup like this:
>> I got around the problem by adding a rule like this:
>> iptables -A FORWARD -p tcp -s 10.1.2.10 --destination-port 25 -j ACCEPT
>>
>> But then I have to rewrite this rule every time the IP for Computer 1
>> changes, which I don't want to do :)
>
>You can filter on the MAC address of that host, which shouldn't change as
>often as the IP address :)

true :)

>
>> I find it a little strange the packets get rejected by the bridge, because
>> shouldn't the packets just travel through my switch from Computer 1 to
>> Computer 2?
>
>You just said you are using the br-nf patch. If you don't want a bridging
>firewall, don't patch your kernel with the br-nf patch..

I'm sorry I wasn't clear on what I meant there.. what I meant to say was that I find it strange that the packets I send from Computer 1 to Computer 2 through the switch get picked up and rejected by the bridge.

I turned on logging on the rejected packets, and this is what I get when I tried to connect from Computer 1 to Computer 2:25...

kernel : REJECTED PACKET: IN=br0 PHYSIN=eth0 OUT=br0 PHYSOUT=eth1 SRC=10.1.2.10 DST=10.1.2.11 LEN=57 TOS=0x10 PERC=0x40 TTL=127 ID=44775 DF PROTO=TCP SPT=1790 DPT=25 WINDOW=64172 RES=0x00 ACK PSH UGRP=0

Why does it say that the packet came in on eth0? That interface is connected to my ISP (in the little diagram I drew earlier).

I also started tcpdump on eth0 and eth1 on the bridge computer, and on Computer 2. These are the ARP messages I got from tcpdump.

Bridge computer eth0:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:0:c:7:ac:21

Bridge computer eth1:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:0:c:7:ac:21

Computer 2:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:50:da:92:2c:84

The hardware address 0:0:c:7:ac:21 is the default gw; the correct hw address for Computer 2 is 0:50:da:92:2c:84.

Why does the bridge report that 10.1.2.11 is on the hw address of the default gw?

/Kalle

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
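
Added example, not part of the original message: a small Python check that reads ARP replies like the tcpdump lines quoted above and reports any IP that more than one hardware address answered for, together with the capture point where each answer was seen. The function names and the "capture point:" header input format are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# tcpdump lines copied from the message above, grouped by capture point
SAMPLE = """\
Bridge computer eth0:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:0:c:7:ac:21
Bridge computer eth1:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:0:c:7:ac:21
Computer 2:
arp who-has 10.1.2.11 tell 10.1.2.10
arp reply 10.1.2.11 is-at 0:50:da:92:2c:84
"""

REPLY = re.compile(r"arp reply (\d+(?:\.\d+){3}) is-at ([0-9a-fA-F:]+)")

def norm_mac(mac):
    """Pad tcpdump's short octets: 0:0:c:7:ac:21 -> 00:00:0c:07:ac:21."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def arp_claims(text):
    """Map each IP to {mac: [capture points where that reply was seen]}."""
    claims = defaultdict(lambda: defaultdict(list))
    point = "unknown"
    for line in text.splitlines():
        line = line.strip()
        m = REPLY.search(line)
        if m:
            claims[m.group(1)][norm_mac(m.group(2))].append(point)
        elif line.endswith(":"):
            point = line[:-1]  # section header names the capture point
    return claims

def conflicts(text):
    """Return only the IPs that more than one MAC answered for."""
    return {ip: dict(macs) for ip, macs in arp_claims(text).items() if len(macs) > 1}

if __name__ == "__main__":
    for ip, macs in conflicts(SAMPLE).items():
        print(f"{ip} is claimed by {len(macs)} hardware addresses:")
        for mac, points in macs.items():
            print(f"  {mac}  seen at: {', '.join(points)}")
```

Run against the three captures, it shows that both bridge interfaces saw only the reply carrying the default gw's address, while the reply with Computer 2's own address was seen only on Computer 2.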
