Hi everyone,
Sebastian Malcolm <[EMAIL PROTECTED]> sent me the following
information which allowed me to get ebtables+bridging+netfilter running with
the current 2.4.21-4 Debian kernel sources.
> The patches available at http://ebtables.sourceforge.net/ for 2.4.21 need to
> be applied (but didn't patch cleanly for me and I had to do some comparison
> by eye of what changes (HUNKS) failed and fix them manually).
>
> Now, the 'magic' bit is some advice I found here:
> "How I built my bridging firewall in Linux..."
> http://small.dropbear.id.au/docs/adslfirewall.html
>
> The most important text is:
> ============
> The 2.4.21 kernel patch didn't work cleanly and I needed to manually fix a
> few files to get it to patch and compile.
>
> * net/Makefile : Add "bridge/netfilter" to the mod-subdirs line
> * net/ipv4/ip_output.c : Add 4 lines from the rej file. Note that in the
> last file the pointer handle "skb2" is now called "to" and "skb" is called
> "from" so make sure you make those adjustments when you do your
> hand-patching.
> * net/bridge/br_netfilter.c : Uses old route table functions and a
> structure that doesn't have pmtu any more. Use the patch at
> http://www.linuxhq.com/kernel/v2.5/47/net/bridge/br_netfilter.c.
> ============
>
> Following the advice in adslfirewall.html allowed me to configure a kernel
> with ebtables+bridging+netfilter and compile it completely as a Debian
> package using the "make-kpkg" command from the "kernel-package" Debian package.
The mentioned patch didn't work for the Debian sources, so I'll include my
changed version as an attachment to this mail.
Additionally I had to manually apply rejected patches to br_input.c.
Thanks so much Sebastian!
Andy.
--
http://peru.spiegl.de Our project
http://radiomaranon.org.pe Radio Marañón, Jaén, Perú
To be meek, patient, tactful, modest, honorable, brave is not
to be either manly or womanly; it is to be humane. -- Jane Harrison
--- br_netfilter.c.orig Sun Aug 31 21:25:28 2003
+++ br_netfilter.c Sun Aug 31 21:30:51 2003
@@ -57,7 +57,8 @@
dst: {
__refcnt: ATOMIC_INIT(1),
dev: &__fake_net_device,
- pmtu: 1500
+ path: &__fake_rtable.u.dst,
+ metrics: {[RTAX_MTU] 1500},
}
},
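Review bot: In the `metrics:` line, `[RTAX_MTU] 1500` uses the obsolete GNU array-designator form with no `=`; write it as `[RTAX_MTU] = 1500` so it does not depend on that extension. Also confirm which slot this tree's MTU accessor reads: if it indexes `metrics[RTAX_MTU - 1]`, as mainline 2.6 does, the 1500 set here lands one element too high and the fake route's MTU reads as 0. The new `path:` line appears to point the fake route's dst at itself, which deserves a one-line comment saying why.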
@@ -158,8 +159,11 @@
if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
dev)) {
struct rtable *rt;
+ struct flowi fl = { .nl_u =
+ { .ip4_u = { .daddr = iph->daddr, .saddr = 0 ,
+ .tos = iph->tos} }, .proto = 0};
- if (!ip_route_output(&rt, iph->daddr, 0, iph->tos, 0)) {
+ if (!ip_route_output_key(&rt, &fl)) {
/* Bridged-and-DNAT'ed traffic doesn't
* require ip_forwarding.
*/
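Review bot: The `struct flowi fl` initializer sets `.saddr = 0` and `.proto = 0` explicitly but leaves the output interface, the last `0` argument of the removed `ip_route_output()` call, to implicit zero-initialization. Either drop the redundant zero members or add `.oif = 0` so the mapping from the old argument list is complete and visible, and tidy the spacing in `.saddr = 0 ,`. The C99 `.field =` designators here also differ from the `field:` form used in the first hunk; pick one style per file.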