Phil,

Please configure your mailer to fold long lines. Each of your paragraphs is actually one long line of text.

Thanks

Phil DeVries wrote:
> I use bridge br0 to link a tun/tap interface and eth0.
> I do this to give full networking functionality to a QEMU instance running
> Windows. (Using VDE) The bridge br0 gets its ip address by DHCP from our
> corporate gateway. The QEMU windows instance gets a separate ip address
> from the corporate gateway. So, for example, br0 may get ip address
> 192.168.1.123, and the QEMU windows may get ip address 192.168.1.130.
> I filter traffic through the bridge. All worked fine until kernel 2.6.20.
>
> I have followed the revised bridge instructions. If I manually assign Windows
> its IP address (in windows control panel, using an address within the
> range set up in shorewall), all works fine, and traffic is correctly filtered.
> However, if I set Windows up to get its address via DHCP, it always fails.
> The bridge itself correctly gets an IP address via DHCP.
>
> I've done the following things to try to troubleshoot this:
>
> 1. Set all REJECT rules in the "policy" file to log INFO.
>    Shorewall doesn't seem to generate a reject log indicating blocking
>    of the DHCP traffic from Windows.
> 2. Set all rules (in "policy" to the zone set for the firewall to
>    ACCEPT. This did not work.
> 3. If I set the policy "all all ACCEPT", then windows DHCP does work.
>
> I'm stumped. I'd appreciate some help figuring out how to make this work
> again. I can provide my configuration if that is helpful.

This is a limitation in the 'revised bridge' implementation. DHCP relies on broadcasts that have a source IP address of 0.0.0.0. Try adding that address to the zone that corresponds to the Windows system and see if that helps.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
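
The effect described in the reply above, as an added example that is not part of the original thread and is not Shorewall's code: a simplified model of a zone defined by source address range, applied to a constructed DHCPDISCOVER header before and after 0.0.0.0 is added to the zone. The zone name `win`, the range 192.168.1.128/25 and the address 192.168.1.1 are assumptions made up for the illustration.

```python
import ipaddress
import socket
import struct

# Constructed zone definitions: the name "win" and the /25 range are hypothetical.
ZONES_BEFORE = {"win": ["192.168.1.128/25"]}
ZONES_AFTER = {"win": ["192.168.1.128/25", "0.0.0.0/32"]}


def build_ipv4_udp(src, dst, sport, dport):
    """Build a minimal IPv4 + UDP header pair (constructed sample, checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp


def parse_ipv4_udp(pkt):
    """Return (src, dst, sport, dport) from a raw IPv4/UDP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 17 or len(pkt) < ihl + 8:
        raise ValueError("not an IPv4/UDP packet")
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, sport, dport


def classify(pkt, zones):
    """Name of the first zone whose networks contain the source address, else None."""
    src, _, _, _ = parse_ipv4_udp(pkt)
    for name, nets in zones.items():
        if any(src in ipaddress.ip_network(n) for n in nets):
            return name
    return None


# Constructed packets: a client with no lease yet, and the same host once addressed.
DISCOVER = build_ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67)
ADDRESSED = build_ipv4_udp("192.168.1.130", "192.168.1.1", 49152, 53)

if __name__ == "__main__":
    for label, pkt in (("DHCPDISCOVER", DISCOVER), ("addressed host", ADDRESSED)):
        print(label, "before:", classify(pkt, ZONES_BEFORE),
              "after:", classify(pkt, ZONES_AFTER))
```

The manually addressed host matches the zone in both cases, which is consistent with static addressing working while DHCP fails.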
