Re: [Shorewall-users] First experience (next)

Tom Eastep Sun, 13 Sep 2015 19:39:29 -0700

On 9/13/2015 6:10 PM, Ob Noxious wrote:
> On Sun, Sep 13, 2015 at 11:36 PM, Tom Eastep <[email protected]
> <mailto:[email protected]>> wrote:
> 
>     > If you need more information, don't hesitate to ask. Thank you very much
>     > for trying to help with the case.
> 
>     It looks to me as if either the bridge is mis-behaving or the traffic is
>     being sent with the broadcast L2 address.
> 
>     Please 'tcpdump -nbi vbridge' and ping as before.
> 
> 
> Here's what I get when "nc -z www.shorewall.net
> <http://www.shorewall.net>" from the "proxy" LXC
> 
> 02:58:09.820953 IP 10.88.5.88.55834 > 10.88.5.53.53: 35154+ A?
> www.shorewall.net <http://www.shorewall.net>. (35)
> 02:58:09.821410 IP 10.88.5.53.53 > 10.88.5.88.55834: 35154 2/5/5 CNAME
> shorewall.mastermindpro.com <http://shorewall.mastermindpro.com>., A
> 64.184.144.10 (262)
> 02:58:09.821515 IP 10.88.5.88.55834 > 10.88.5.53.53: 63975+ AAAA?
> www.shorewall.net <http://www.shorewall.net>. (35)
> 02:58:09.821640 IP 10.88.5.53.53 > 10.88.5.88.55834: 63975 1/1/0 CNAME
> shorewall.mastermindpro.com <http://shorewall.mastermindpro.com>. (124)
> 02:58:09.821849 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [S], seq
> 1465038559, win 29200, options [mss 1460,sackOK,TS val 212411311 ecr
> 0,nop,wscale 9], length 0
> 02:58:10.000356 IP 64.184.144.10.80 > 10.88.5.88.60297: Flags [S.], seq
> 540426778, ack 1465038560, win 14480, options [mss 1460,sackOK,TS val
> 1227322561 ecr 212411311,nop,wscale 7], length 0
> 02:58:10.000472 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [.], ack
> 1, win 58, options [nop,nop,TS val 212411356 ecr 1227322561], length 0
> 02:58:10.000642 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [F.], seq
> 1, ack 1, win 58, options [nop,nop,TS val 212411356 ecr 1227322561],
> length 0
> 02:58:10.178905 IP 64.184.144.10.80 > 10.88.5.88.60297: Flags [F.], seq
> 1, ack 2, win 114, options [nop,nop,TS val 1227322739 ecr 212411356],
> length 0
> 02:58:10.178976 IP 10.88.5.88.60297 > 64.184.144.10.80: Flags [.], ack
> 2, win 58, options [nop,nop,TS val 212411400 ecr 1227322739], length 0
> 
> The program that creates the bridge is a helper which does the following :
> (variable parts noted as shell variables)
> 
> Shell# ip link add name ${iface} ${macaddr} type bridge
> Shell# ip link set dev ${iface} up promisc on


That's the problem....

> Shell# brctl setfd ${iface} 2
> 
> After that, there are some more "ip" commands to set the IP address.
> 

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] First experience (next)

Reply via email to