> kernel : REJECTED PACKET: IN=br0 PHYSIN=eth0 OUT=br0 PHYSOUT=eth1
> SRC=10.1.2.10 DST=10.1.2.11 LEN=57 TOS=0x10 PERC=0x40 TTL=127 ID=44775 DF
> PROTO=TCP SPT=1790 DPT=25 WINDOW=64172 RES=0x00 ACK PSH UGRP=0
>
> Why does it say that the packet came in on eth0, that interface is
> connected to my ISP (in the little diagram I drew earlier)?

I think your 10.1.2.10 box is sending messages to 10.1.2.11 using the default gateway. The reason is shown below.

> I also started tcpdump on eth0 and eth1 on the bridge computer, and on
> computer 2. These are the arp messages I got from tcpdump.
>
> Bridge computer eth0:
> arp who-has 10.1.2.11 tell 10.1.2.10
> arp reply 10.1.2.11 is-at 0:0:c:7:ac:21
>
> Bridge computer eth1:
> arp who-has 10.1.2.11 tell 10.1.2.10
> arp reply 10.1.2.11 is-at 0:0:c:7:ac:21
>
> Computer 2:
> arp who-has 10.1.2.11 tell 10.1.2.10
> arp reply 10.1.2.11 is-at 0:50:da:92:2c:84
>
>
> The hardware address 0:0:c:7:ac:21 is the default gw, the correct hw
> address for computer 2 is 0:50:da:92:2c:84
>
> Why does the bridge report that 10.1.2.11 is on the hw address of the
> default gw?

The default gateway knows how to get to 10.1.2.11 and tells this with an arp reply. IMHO, I don't think that is correct behaviour from that default gateway (it's a local address). I think you're best off stopping those ARP requests from going on the eth0 wire. You can use ebtables for this :) Probably the only ARP requests that should go onto the eth0 wire are those for the default gateway.

--
cheers,
Bart
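
Added example, not part of the original message: a Python check that runs over the ARP replies quoted in this thread and reports any IP address that is answered by more than one hardware address, which is the symptom being discussed. The function names and capture-point labels are assumptions of this example.

```python
import re
from collections import defaultdict

# ARP lines as quoted in the thread, keyed by where tcpdump was running.
CAPTURES = {
    "bridge eth0": ["arp who-has 10.1.2.11 tell 10.1.2.10",
                    "arp reply 10.1.2.11 is-at 0:0:c:7:ac:21"],
    "bridge eth1": ["arp who-has 10.1.2.11 tell 10.1.2.10",
                    "arp reply 10.1.2.11 is-at 0:0:c:7:ac:21"],
    "computer 2": ["arp who-has 10.1.2.11 tell 10.1.2.10",
                   "arp reply 10.1.2.11 is-at 0:50:da:92:2c:84"],
}

# Matches the old-style tcpdump ARP reply text shown in the thread.
REPLY_RE = re.compile(
    r"arp reply (\d+(?:\.\d+){3}) is-at "
    r"([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})"
)


def normalize_mac(mac):
    """Zero-pad and lowercase each octet so 0:0:c:7:ac:21 == 00:00:0C:07:AC:21."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def collect_replies(captures):
    """Map each IP to {mac: set of capture points where that answer was seen}."""
    seen = defaultdict(lambda: defaultdict(set))
    for point, lines in captures.items():
        for line in lines:
            match = REPLY_RE.search(line)
            if match:
                seen[match.group(1)][normalize_mac(match.group(2))].add(point)
    return seen


def conflicting_ips(captures):
    """Return {ip: {mac: sorted capture points}} for IPs claimed by >1 MAC."""
    return {
        ip: {mac: sorted(points) for mac, points in macs.items()}
        for ip, macs in collect_replies(captures).items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, macs in conflicting_ips(CAPTURES).items():
        print(f"{ip} is claimed by {len(macs)} hardware addresses:")
        for mac, points in macs.items():
            print(f"  {mac} seen at {', '.join(points)}")
```

Grouping by capture point shows on which segment each answer was observed, so a reply that only appears on one side of the bridge stands out.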
