Tom Eastep <[EMAIL PROTECTED]> wrote:
> Phil DeVries wrote:
> > I use bridge br0 to link a tun/tap interface and eth0.
> > I do this to give full networking functionality to a QEMU
> > instance running Windows. (Using VDE) The bridge br0 gets
> > its IP address by DHCP from our corporate gateway. The QEMU
> > Windows instance gets a separate IP address from the
> > corporate gateway. So, for example, br0 may get IP address
> > 192.168.1.123, and the QEMU Windows may get IP address
> > 192.168.1.130. I filter traffic through the bridge. All
> > worked fine until kernel 2.6.20.
> >
> > I have followed the revised bridge instructions. If I
> > manually assign Windows its IP address (in Windows control
> > panel, using an address within the range set up in
> > shorewall), all works fine, and traffic is correctly
> > filtered. However, if I set Windows up to get its address via
> > DHCP, it always fails. The bridge itself correctly gets an IP
> > address via DHCP.
> >
> > I've done the following things to try to troubleshoot this:
> >
> > 1. Set all REJECT rules in the "policy" file to log
> > INFO. Shorewall doesn't seem to generate a reject log
> > indicating blocking of the DHCP traffic from Windows.
> >
> > 2. Set all rules (in "policy") to the zone set for the
> > firewall to ACCEPT. This did not work.
> >
> > 3. If I set the policy "all all ACCEPT", then Windows
> > DHCP does work.
> >
> > I'm stumped. I'd appreciate some help figuring out how to
> > make this work again. I can provide my configuration if that
> > is helpful.
>
> This is a limitation in the 'revised bridge' implementation.
> DHCP relies on broadcasts that have a source IP address of
> 0.0.0.0.
>
> Try adding that address to the zone that corresponds to the
> Windows system and see if that helps.

I revised my "Hosts" file from

    brloc br0:192.168.1.130-192.168.1.254 routeback,nosmurfs

to

    brloc br0:192.168.1.130-192.168.1.254,0.0.0.0 routeback,nosmurfs

This did not work. Also, this did not prevent the linux os from getting an ip address from DHCP, which is what I expected.

Is there another limitation here too? I presume there's no way to guarantee that a DHCP server will grant me an address inside the range for brloc. What happens if DHCP tries to give Windows an address outside that range?

Phil

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
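
The source-address limitation described in the thread can be modelled as follows. This is an added example, not Shorewall code and not part of the original messages: it parses the two hosts-file lines quoted above and reports which packet sources fall outside the brloc ranges. The function names, the sample packets and the out-of-range lease 192.168.1.50 are constructed, and the model covers source-address membership only, not the rest of the ruleset.

```python
import ipaddress

def parse_hosts_line(line):
    """Split a hosts-file line of the form quoted in the thread:
    ZONE  INTERFACE:ADDR[,ADDR...]  OPTIONS
    where each ADDR is a single address or a low-high range."""
    fields = line.split()
    zone, hosts = fields[0], fields[1]
    options = fields[2].split(",") if len(fields) > 2 else []
    interface, _, hostlist = hosts.partition(":")
    ranges = []
    for item in hostlist.split(","):
        if "-" in item:
            low, high = (ipaddress.IPv4Address(p) for p in item.split("-", 1))
        else:
            low = high = ipaddress.IPv4Address(item)
        ranges.append((low, high))
    return {"zone": zone, "interface": interface,
            "ranges": ranges, "options": options}

def source_in_zone(entry, source):
    """True when the source address falls inside one of the zone's ranges."""
    addr = ipaddress.IPv4Address(source)
    return any(low <= addr <= high for low, high in entry["ranges"])

def unmatched_sources(line, packets):
    """Descriptions of the packets whose source is not covered by the zone."""
    entry = parse_hosts_line(line)
    return [name for name, src in packets if not source_in_zone(entry, src)]

# The two hosts-file lines from the message above.
ORIGINAL = "brloc br0:192.168.1.130-192.168.1.254 routeback,nosmurfs"
REVISED = "brloc br0:192.168.1.130-192.168.1.254,0.0.0.0 routeback,nosmurfs"

# Constructed sample packets: (description, source address).
PACKETS = [
    ("DHCPDISCOVER from unconfigured client", "0.0.0.0"),
    ("traffic after lease 192.168.1.130", "192.168.1.130"),
    ("traffic after out-of-range lease", "192.168.1.50"),
]

if __name__ == "__main__":
    for label, line in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, "->", unmatched_sources(line, PACKETS))
```
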
