I am seeing some strange behavior and was hoping someone might be able to shed some light on what I am seeing.

First my setup:

Running rhel4 (2.6.9-42-EL kernel)

    ----> (eth1) Linux Bridge (eth2) --> 10.10.3.101

I only have one machine sitting off of eth2.

I have the iptables rule:

    iptables -A FORWARD -j LOG

So, I am logging everything that goes over the bridge. I am expecting to see all traffic to 10.10.3.101 and anything that is broadcast address. (Is that a correct assumption?)

I was looking at http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png, and if I read it correctly, the bridge decision is being done before the packet reaches the FORWARD chain of the filter table.

The problem is that I am seeing SYN packets for machines that are not on the eth2 segment of the bridge. Is this correct behavior? I am seeing the packet in the LOG output as well as running ethereal on eth2 shows these packets.

Anyone have any ideas why this is happening? Or is it working as expected?

--joubert