Hey all!
First post and of course it's a question ;) I am
currently using bridging with kernel 2.4.20 and
patches ebtables-v2.0.003 and bridge-nf-0.0.10. My
setup is as follows:
Net
|
Router
| eth1
Linux Gateway
| eth0
Switch
My external gateway interface is eth1, internal is
eth0, and of course I have br0 as the bridge
interface. I'm using a FORWARD table that handles
about 99% of the traffic. I also run Snort on this
machine and spamassassin with postfix as well. I
attach snort to eth1 to snag all the traffic. My
question/observation is when I add the same rule to
each interface the result is not always the same.
Example:
iptables -I FORWARD -i eth1 -p icmp -j DROP   | this will block the traffic as usual
iptables -I FORWARD -i br0 -p icmp -j DROP    | this will block the traffic as usual
iptables -I FORWARD -i eth0 -p icmp -j DROP   | this will NOT block the traffic
What I'm trying to achieve is to allow ALL the traffic
to hit eth1, and then block whatever I want on eth0.
So far all my rules have not included any interface
specification and they all work fine, but I'm
wondering if it is interfering with Snort seeing data
within the packets as some rules block the data (even
though I know snort is listening at the ethernet layer
and not the network layer). Any thoughts on this?
Thanks all!
James
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
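Added example, not part of James's post or of the bridge/ebtables projects. On a bridge-nf kernel a frame that the bridge forwards reaches the iptables FORWARD chain with the bridge device (br0) as both its input and output interface; the physical port it arrived on or will leave by is only visible to the physdev match (-m physdev --physdev-in / --physdev-out). A rule written as "-i eth0" therefore never matches frames bridged through a port named eth0. Separately, a libpcap sniffer such as Snort bound to the ingress interface sees a frame before netfilter decides its fate, so inbound traffic is captured whether or not a later FORWARD rule drops it; only frames dropped before transmission are missing from a sniffer on the egress side. The script below emits a FORWARD rule set keyed on the bridge port, and carries a small lint that flags rules matching a bridge port with -i/-o. Which interfaces are enslaved to br0 is not stated in the post, so the BRIDGE_PORTS list (defaulting to eth0) and the IPT/DRY_RUN variables are assumptions of this example; take the real port list from "brctl show".

```shell
#!/bin/sh
# Added example (not from the original post): per-port filtering of bridged
# traffic with bridge-nf, plus a lint for rules that can never match.
#
# Bridged frames hit FORWARD as "-i br0 -o br0"; the port is exposed only by
# "-m physdev --physdev-in PORT" / "--physdev-out PORT".

IPT=${IPT:-iptables}                   # assumption: iptables binary in PATH
BRIDGE=${BRIDGE:-br0}
BRIDGE_PORTS=${BRIDGE_PORTS:-"eth0"}   # assumption: eth0 is a port of br0 ("brctl show")
INSIDE=eth0                            # port toward the switch (as in the post)
OUTSIDE=eth1                           # interface toward the router (as in the post)

# Emit the rule set as command lines so it can be reviewed before it is run.
# Inbound ICMP is not touched on its way in through $OUTSIDE (a sniffer there
# still sees it) but is dropped by the port it would leave on; ICMP entering
# from the inside port is dropped as well.
bridge_forward_rules() {
    cat <<EOF
$IPT -F FORWARD
$IPT -P FORWARD ACCEPT
$IPT -A FORWARD -i $BRIDGE -m physdev --physdev-out $INSIDE -p icmp -j DROP
$IPT -A FORWARD -i $BRIDGE -m physdev --physdev-in $INSIDE -p icmp -j DROP
EOF
}

# lint_rule RULE: print "ok" when RULE does not select a bridge port with -i/-o;
# otherwise print the physdev form that would match and return 1. "-i eth0"
# is a dead rule for bridged frames when eth0 is enslaved to br0.
lint_rule() {
    for port in $BRIDGE_PORTS; do
        case " $1 " in
            *" -i $port "*)
                echo "dead rule: -i $port never matches bridged frames; use -i $BRIDGE -m physdev --physdev-in $port"
                return 1 ;;
            *" -o $port "*)
                echo "dead rule: -o $port never matches bridged frames; use -o $BRIDGE -m physdev --physdev-out $port"
                return 1 ;;
        esac
    done
    echo ok
}

# Lint every generated rule, then run it; with DRY_RUN set (assumption of this
# example) the rules are printed instead, so the script can be inspected
# without root. A rejected rule aborts the whole set.
apply_rules() {
    bridge_forward_rules | while IFS= read -r line; do
        lint_rule "$line" >/dev/null || { echo "refusing: $line" >&2; return 1; }
        if [ -n "$DRY_RUN" ]; then
            echo "$line"
        else
            eval "$line"
        fi
    done
}
```

Usage: `DRY_RUN=1 sh bridge-rules.sh` after appending `apply_rules` to the file prints the four commands; run as root without DRY_RUN to load them. The rule from the post that did not block, `-i eth0 -p icmp -j DROP`, is exactly what `lint_rule` rejects when eth0 is in BRIDGE_PORTS, while the `-i br0` form passes because the interface iptables actually sees for bridged frames is the bridge device.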