> > using DNAT for it. But in kern.log i see this: > > > > Performing cross-bridge DNAT requires IP forwarding to be enabled > > > > but ip_forwarding is turned on, it is set to "1". > > > > > > It is probably a bug in bridge code. > > What are your _exact_ rules that trigger this message? > Are you using the iptables REJECT target? If so, try this patch to the kernel > (which has been in Harald's iptables "patch queue" for a few months now): > > --- linux-2.5.45/net/ipv4/netfilter/ipt_REJECT.c Thu Oct 31 01:43:38 2002 > +++ linux-2.5.45-new/net/ipv4/netfilter/ipt_REJECT.c Sat Nov 2 18:58:44 2002 > @@ -76,6 +76,10 @@ > nskb->nf_debug = 0; > #endif > nskb->nfmark = 0; > +#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) > + nf_bridge_put(nskb->nf_bridge); > + nskb->nf_bridge = NULL; > +#endif > > tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl); >
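Review bot: the added nf_bridge_put(nskb->nf_bridge) call, placed right after nskb->nfmark = 0, runs unconditionally inside the #if block, so it depends on nf_bridge_put() accepting a NULL pointer whenever nskb carries no bridge info. Either confirm that the helper handles NULL or guard the call with if (nskb->nf_bridge). The neighbouring nf_debug and nfmark resets explain themselves, but this one does not, so a one-line comment saying why nskb must give up its bridge reference at this point would help the next reader.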
No, I don't use the REJECT target. I use the DROP target, but I log everything that is dropped:

/sbin/iptables -N droplog
##/sbin/iptables -A droplog -m limit --limit 60/minute -j LOG --log-prefix DropLog:
/sbin/iptables -A droplog -j LOG --log-prefix DropLog:
/sbin/iptables -A droplog -j DROP

and in the kernel log there is nothing about dropping, only the message:

kernel: Performing cross-bridge DNAT requires IP forwarding to be enabled

kolisko

>
> --
> cheers,
> Bart
>
> _______________________________________________
> Bridge mailing list
> [EMAIL PROTECTED]
> http://www.math.leidenuniv.nl/mailman/listinfo/bridge

--
Michal Kolesár [EMAIL PROTECTED]
http://kolisko.penguin.cz
+420.777.225.297

Don't send me any attachment in Micro$oft (.DOC, .PPT) format please
Read http://www.fsf.org/philosophy/no-word-attachments.html
Preferable attachments: .PDF, .HTML, .TXT
Thanx for adding this text to Your signature
