I recently brought up a bridge / firewall. Works great except for one issue
(maybe 2).
My general topology is as follows:
           ETH0                ETH1
DSL router ----- Firewall box -----------------
                               |   |   |   |
                               A   B   C   Backup
Well, actually there is a switch between the firewall box and the other
systems but that was harder to draw :). The firewall box is also my web
server serving a number of domains so it has a lot of IP addresses (see
below).
I do my backups by NFS mounting the partitions from one of the systems on the
backup box and tar-gzip the data to the backup box. This has been working
fine for years. The backups for all the boxes except the firewall work fine
even with bridging enabled.
When I have bridging enabled (and only then) I get the following problems:
- When the backup of the firewall box commences, the mount works fine. But
within the first few hundred K copied it hangs. At this point I can no longer
ping out in either direction from the firewall box and it seems to be totally
isolated. ip addr show on the firewall shows the ETH interfaces are still
promiscuous and I don't see anything odd about the display. Deleting and
recreating the bridge device does not clear the problem. Rebooting does.
- In one case, I have seen a similar symptom except it wasn't totally
isolated. I was able to ping with about 90% loss.
- Seemingly, only when I have bridging enabled, I start getting ssh
disconnects with "corrupted MAC on input". Since I gather that is usually
caused by a broken network card I went through an exercise to swap the
network cards on all systems and was unable to influence the problem. The
disconnects are infrequent.
My kernel is 2.4.19 with the iptables patch applied. The distribution is
RH7.2 running the 2.4.19 kernel that I built.
All the network cards in my systems are 3Com 3C905, one rev or another.
result of ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:04:75:be:55:43 brd ff:ff:ff:ff:ff:ff
inet 206.111.125.130/26 brd 206.111.125.191 scope global br0
inet 206.111.125.150/26 brd 206.111.125.191 scope global secondary br0:0
inet 206.111.125.151/26 brd 206.111.125.191 scope global secondary br0:1
inet 206.111.125.152/26 brd 206.111.125.191 scope global secondary br0:2
inet 206.111.125.153/26 brd 206.111.125.191 scope global secondary br0:3
inet 206.111.125.154/26 brd 206.111.125.191 scope global secondary br0:4
inet 206.111.125.155/26 brd 206.111.125.191 scope global secondary br0:5
inet 206.111.125.156/26 brd 206.111.125.191 scope global secondary br0:6
inet 206.111.125.157/26 brd 206.111.125.191 scope global secondary br0:7
inet 206.111.125.158/26 brd 206.111.125.191 scope global secondary br0:8
inet 206.111.125.159/26 brd 206.111.125.191 scope global secondary br0:9
inet 206.111.125.160/26 brd 206.111.125.191 scope global secondary br0:10
inet 206.111.125.161/26 brd 206.111.125.191 scope global secondary br0:11
inet 206.111.125.162/26 brd 206.111.125.191 scope global secondary br0:12
inet 206.111.125.163/26 brd 206.111.125.191 scope global secondary br0:13
inet 206.111.125.164/26 brd 206.111.125.191 scope global secondary br0:14
inet 206.111.125.165/26 brd 206.111.125.191 scope global secondary br0:15
inet 206.111.125.166/26 brd 206.111.125.191 scope global secondary br0:16
inet 206.111.125.167/26 brd 206.111.125.191 scope global secondary br0:17
inet 206.111.125.168/26 brd 206.111.125.191 scope global secondary br0:18
inet 206.111.125.169/26 brd 206.111.125.191 scope global secondary br0:19
inet 206.111.125.170/26 brd 206.111.125.191 scope global secondary br0:20
inet 206.111.125.171/26 brd 206.111.125.191 scope global secondary br0:21
inet 206.111.125.172/26 brd 206.111.125.191 scope global secondary br0:22
inet 206.111.125.173/26 brd 206.111.125.191 scope global secondary br0:23
inet 206.111.125.174/26 brd 206.111.125.191 scope global secondary br0:24
inet 206.111.125.175/26 brd 206.111.125.191 scope global secondary br0:25
inet 206.111.125.176/26 brd 206.111.125.191 scope global secondary br0:26
inet 206.111.125.177/26 brd 206.111.125.191 scope global secondary br0:27
inet 206.111.125.178/26 brd 206.111.125.191 scope global secondary br0:28
inet 206.111.125.179/26 brd 206.111.125.191 scope global secondary br0:29
inet 206.111.125.180/26 brd 206.111.125.191 scope global secondary br0:30
inet 206.111.125.181/26 brd 206.111.125.191 scope global secondary br0:31
inet 206.111.125.182/26 brd 206.111.125.191 scope global secondary br0:32
inet 206.111.125.183/26 brd 206.111.125.191 scope global secondary br0:33
inet 206.111.125.184/26 brd 206.111.125.191 scope global secondary br0:34
inet 206.111.125.185/26 brd 206.111.125.191 scope global secondary br0:35
inet 206.111.125.186/26 brd 206.111.125.191 scope global secondary br0:36
inet 206.111.125.187/26 brd 206.111.125.191 scope global secondary br0:37
inet 206.111.125.188/26 brd 206.111.125.191 scope global secondary br0:38
inet 206.111.125.189/26 brd 206.111.125.191 scope global secondary br0:39
inet 206.111.125.190/26 brd 206.111.125.191 scope global secondary br0:40
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:04:75:be:55:43 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:04:aa:83:81 brd ff:ff:ff:ff:ff:ff
Any suggestions would be appreciated.
TIA,
Len Day