I've been trying to test a redundant bridging firewall configuration using iptables with the bridge netfilter patch. But I've had some trouble with the configuration and don't seem to be getting results similar to those in the Bridge-STP HOWTO.

I've set up two identically configured boxes on redundant paths between two STP enabled Cisco switches. Well, actually it is a single switch configured so that the 4 ports are actually on separate VLANs (one private, one public). Logically, it should be the same as having the machines between two switches.

Kernel: Redhat 2.4.18-17-8.0
Patch: bridge-nf-0.0.7

The root bridge has a slightly higher priority than the secondary bridge. When both machines are brought online the switch blocks the private side port on the secondary bridge. I was hoping that the block would instead occur on the secondary bridge itself, not at the switch. I've tried increasing the path cost on the secondary bridge private side port, but this had no effect on the block. Any ideas on how to do this? I'd rather have the block on my equipment since I don't control the switch directly.

Also, the bridges don't seem to be changing state properly (as I understand it) during failover. I've performed the "Kill the Bridge Test" from the HOWTO by pulling Ethernet connections out of the root bridge and then restoring them. A topology change is noted on the root bridge, but there are no neighbor notifications or changes to disabled state. Also, when the root bridge is restored failback occurs, but since the ports are already in forwarding state there is a small network hiccup before the switch detects the loop and blocks the port. Normally this wouldn't happen, since the root bridge should start in the listening/learning state. Has anyone else experienced this, or am I misunderstanding the state transitions?

Sorry for not including more detailed logs, but hopefully this description can spark a few suggestions. Any general links to configuring bridges or STP would be appreciated as well.

Thanks,
Addam
