>  In reality the firewall has this interface. It has 6 interfaces.
> My question was not about how to manage this machine (it has a special
> interface only for management), but how to route some traffic from a
> bridge to a non-bridge interface. The bridge has no IP address and I am
> using DNAT for it. But in kern.log I see this:
>
> Performing cross-bridge DNAT requires IP forwarding to be enabled
>
> but ip_forwarding is turned on; it is set to "1".
>
>
> It is probably a bug in the bridge code.

What are your _exact_ rules that trigger this message?
Are you using the iptables REJECT target? If so, try this patch to the kernel 
(which has been in Harald's iptables "patch queue" for a few months now):

--- linux-2.5.45/net/ipv4/netfilter/ipt_REJECT.c        Thu Oct 31 01:43:38 2002
+++ linux-2.5.45-new/net/ipv4/netfilter/ipt_REJECT.c    Sat Nov  2 18:58:44 2002
@@ -76,6 +76,10 @@
        nskb->nf_debug = 0;
 #endif
        nskb->nfmark = 0;
+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE)
+       nf_bridge_put(nskb->nf_bridge);
+       nskb->nf_bridge = NULL;
+#endif
 
        tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
 
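Review bot: the call `nf_bridge_put(nskb->nf_bridge);` in this hunk runs for every RST that REJECT generates, including ones for packets that never crossed a bridge and therefore carry `nf_bridge == NULL`; unless `nf_bridge_put()` is known to tolerate a NULL argument, guard it with `if (nskb->nf_bridge)` before dropping the reference and clearing the pointer. A one-line comment explaining why the clone must not inherit the bridge state (the reply is a new packet originating on the firewall, so the bridge-netfilter code must not treat it as cross-bridge DNAT traffic) would also help the next reader; and since this hunk only touches the TCP RST path just before `tcph` is set up, it is worth checking whether the other reply-building path in ipt_REJECT.c (the ICMP unreachable case) needs the same treatment.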

-- 
cheers,
Bart

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge