Re: [Shorewall-users] First experience (next)

Sun, 13 Sep 2015 18:21:53 -0700 

On Sun, Sep 13, 2015 at 11:36 PM, Tom Eastep <[email protected]> wrote:

> If you need more information, don't hesitate to ask. Thank you very much
> > for trying to help with the case.
>
> It looks to me as if either the bridge is mis-behaving or the traffic is
> being sent with the broadcast L2 address.
>
> Please 'tcpdump -nbi vbridge' and ping as before.
>

Here's what I get when "nc -z www.shorewall.net" from the "proxy" LXC

02:58:09.820953 IP 10.88.5.88.55834 > 10.88.5.53.53: 35154+ A?
www.shorewall.net. (35)
02:58:09.821410 IP 10.88.5.53.53 > 10.88.5.88.55834: 35154 2/5/5 CNAME
shorewall.mastermindpro.com., A 64.184.144.10 (262)
02:58:09.821515 IP 10.88.5.88.55834 > 10.88.5.53.53: 63975+ AAAA?
www.shorewall.net. (35)
02:58:09.821640 IP 10.88.5.53.53 > 10.88.5.88.55834: 63975 1/1/0 CNAME
shorewall.mastermindpro.com. (124)
02:58:09.821849 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [S], seq
1465038559, win 29200, options [mss 1460,sackOK,TS val 212411311 ecr
0,nop,wscale 9], length 0
02:58:10.000356 IP 64.184.144.10.80 > 10.88.5.88.60297: Flags [S.], seq
540426778, ack 1465038560, win 14480, options [mss 1460,sackOK,TS val
1227322561 ecr 212411311,nop,wscale 7], length 0
02:58:10.000472 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [.], ack 1,
win 58, options [nop,nop,TS val 212411356 ecr 1227322561], length 0
02:58:10.000642 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [F.], seq 1,
ack 1, win 58, options [nop,nop,TS val 212411356 ecr 1227322561], length 0
02:58:10.178905 IP 64.184.144.10.80 > 10.88.5.88.60297: Flags [F.], seq 1,
ack 2, win 114, options [nop,nop,TS val 1227322739 ecr 212411356], length 0
02:58:10.178976 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [.], ack 2,
win 58, options [nop,nop,TS val 212411400 ecr 1227322739], length 0

The program that creates the bridge is a helper which does the following :
(variable parts noted as shell variables)

Shell# ip link add name ${iface} ${macaddr} type bridge
Shell# ip link set dev ${iface} up promisc on
Shell# brctl setfd ${iface} 2

After that, there are some more "ip" commands to set the IP address.

-- 
ObNox

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to