I use bridge br0 to link a tun/tap interface and eth0. I do this to give full networking functionality to a QEMU instance running Windows. (Using VDE) The bridge br0 gets its ip address by DCHP from our corporate gateway. The QEMU windows instance gets a separate ip address from the corporate gateway. So, for example, br0 may get ip address 192.168.1.123, and the QEMU windows may get ip address 192.168.1.130. I filter traffic through the bridge. All worked fine until kernel 2.6.20.
I have followed the revised bridge instructions. If I manually assign Windows its IP address (in windows control panel, using an address within the range set up in shorewall), all works find, and traffic is correctly filtered. However, if I set Windows up to get its address via DHCP, it always fails. The bridge itself correctly gets an IP address via DHCP. I've done the following things to try to troubleshoot this: 1. Set all REJECT rules in the "policy" file to log INFO. Shorewall doesn't seem to generate a reject log indicating blocking of the DCHP traffic from Windows. 2. Set all rules (in "policy" to the zone set for the firewall to ACCEPT. This did not work. 3. If I set the policy "all all ACCEPT", then windows DHCP does work. I'm stumped. I'd appreciate some help figuring out how to make this work again. I can provide my configuration if that is helpful. Thanks, Phil ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
