On Wednesday 27 April 2005 10:36 am, George Georgalis wrote:
> testing knockd on a box worked fine. when I put it in production, I
> couldn't knock through the fairly strict bridge. the bridge does ALLOW
> the ports in the combination to pass through, but I cannot knock across
> it, and I get no drop/reject entries in the log (target or bridge)
> either.
Ah... it's entirely possible then that the packets being sent for the knock
are sufficiently strange that the restrictive bridge is squelching them.
> So I was thinking to fudge it and make the target available and run
> knockd on the bridge, to add/remove a FORWARD rule there for access to
> the target. Then I recalled, when I tried knockd on lo, I got an error
> no MAC address. So I assume it cannot listen on br0 either.
Well, it might. This will tell you if there's a MAC addr:
/sbin/ip link show br0
('ip' only exists if you have iproute2 installed)
Gregory
--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
