Linux Ethernet Bridging - Apr 2007 - [Bridge] problem bridging

On Wed, 24 Jan 2007 14:19:14 -0600
Omar Armas <oarmas@mpsnet.net.mx> wrote:
> Hi, I did a bridge with kernel 2.4.34 and two intel e1000 network cards.
> 
> I setup the bridge with:
> 
>      /usr/sbin/brctl addbr br0
>      /usr/sbin/brctl addif br0 eth0
>      /usr/sbin/brctl addif br0 eth1
>      /sbin/ifconfig eth0 0.0.0.0 promisc
>      /sbin/ifconfig eth1 0.0.0.0 promisc
These two are unnecessary the bridge does it itself.
>      /sbin/ifconfig br0 up
> 
> My configuration is:
> 
> router
> |
> Bridge
> |
> LAN
> 
> 
> but my problem is that it always passes all traffic, no matter if I  
> set FOWARD iptables chain to DROP:
> iptables -P FORWARD DROP
iptables FORWARD rules apply to routing not bridging

See:
	http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section6

> When I do this the all traffic and protocols continue passing.
> Any idea why?
> 
> 

-- 
Stephen Hemminger <shemminger@linux-foundation.org>

Hi, I did a bridge with kernel 2.4.34 and two intel e1000 network cards.

I setup the bridge with:

     /usr/sbin/brctl addbr br0
     /usr/sbin/brctl addif br0 eth0
     /usr/sbin/brctl addif br0 eth1
     /sbin/ifconfig eth0 0.0.0.0 promisc
     /sbin/ifconfig eth1 0.0.0.0 promisc
     /sbin/ifconfig br0 up

My configuration is:

router
|
Bridge
|
LAN


but my problem is that it always passes all traffic, no matter if I  
set FOWARD iptables chain to DROP:
iptables -P FORWARD DROP

When I do this the all traffic and protocols continue passing.
Any idea why?


Omar Armas
Oficina: +52 55 56044655
Movil: 04455 1867 8953
oarmas@mpsnet.net.mx



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.linux-foundation.org/pipermail/bridge/attachments/20070124/61f28304/attachment-0002.htm