Hi All!

I need to deploy a bridge firewall using Linux kernel 2.6. I had success using kernel 2.4 plus the br-nf patch, but the configuration does not work with kernel 2.6.

If the default policy for the iptables FORWARD chain is ACCEPT, I have a bridge. If the iptables FORWARD chain policy is DROP, I have an insulator (no packet flows). Any hint?

I did some Google searching and in many places they say "kernel 2.6 is not recommended", "no luck with kernel 2.6", etc.

Any link to a success story of a bridge firewall with kernel 2.6? Any personal experience?

Thanks in advance,

Edésio
I have some experience.

It seems that you should explicitly allow bridging in iptables as well as in ebtables.

So, in addition to my bridge rules in ebtables I also have this rule in iptables:

iptables -A FORWARD -i br0 -o br0 -j ACCEPT

Otherwise, it could block bridging by later rules or the policy.

On Thu, 15/02/2007 at 13:44 -0200, Edesio Costa e Silva wrote:
> If the default policy for the iptables FORWARD chain is ACCEPT I have a
> bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
> flows). Any hint?

-- 
Покотиленко Костик <casper@meteor.dp.ua>
What you might be interested in as well is the physdev match, which will let you filter traffic on physical devices.

T o M

On Fri, Feb 16, 2007 at 03:37:10PM +0200, Покотиленко Костик wrote:
> So, in addition to my bridge rules in ebtables I also have this rule in
> iptables:
>
> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
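Putting the two replies together: on a 2.6 kernel with in-tree bridge netfilter, bridged IP frames traverse the iptables FORWARD chain with both `-i` and `-o` set to the bridge device, so a DROP policy with no matching rule blocks everything. A blanket `-i br0 -o br0 -j ACCEPT` makes the bridge pass traffic again, but it also accepts every bridged packet, so any real filtering then has to happen in ebtables or in iptables rules placed before it. The `physdev` match lets iptables see which physical bridge port a frame arrived on and will leave by, which is what a bridge firewall actually wants to filter on. The script below is an added example, not code from the thread or from any of its posters; it assumes `eth0` is the outside port, `eth1` the inside port, `br0` the bridge, `10.0.0.0/24` the inside network and TCP 22 and 443 the only inbound services, all chosen for illustration. By default it only prints the commands, so it can be reviewed without root or a bridge; set `DRY_RUN=0` to apply them.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal bridge firewall for a
# 2.6-era kernel using ebtables for layer 2 and the iptables physdev match for
# per-port IP filtering. Interface names, the inside network and the allowed
# ports below are assumptions for illustration.
OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
BRIDGE=${BRIDGE:-br0}
INSIDE_NET=${INSIDE_NET:-10.0.0.0/24}
ALLOWED_TCP_PORTS=${ALLOWED_TCP_PORTS:-"22 443"}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands instead of executing them

# Execute a command, or in dry-run mode print it so the ruleset can be reviewed.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bridge_fw_rules() {
    # With CONFIG_BRIDGE_NETFILTER this sysctl decides whether bridged IP
    # frames are handed to iptables at all; make the dependency explicit.
    run sysctl -w net.bridge.bridge-nf-call-iptables=1

    # Layer 2: only pass IPv4 and ARP across the bridge; drop everything else.
    run ebtables -F FORWARD
    run ebtables -P FORWARD DROP
    run ebtables -A FORWARD -p ARP -j ACCEPT
    run ebtables -A FORWARD -p IPv4 -j ACCEPT

    # Layer 3: default deny. Bridged frames arrive here as -i br0 -o br0, so
    # do NOT add "-i br0 -o br0 -j ACCEPT" up front; match the physical
    # ports with physdev instead.
    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # Replies to connections the rules below allowed.
    run iptables -A FORWARD -m physdev --physdev-is-bridged \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inside hosts (with an inside source address) may open connections outward.
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" --physdev-out "$OUTSIDE" \
        -s "$INSIDE_NET" -m state --state NEW -j ACCEPT

    # Outside may open connections to inside hosts only on the listed TCP ports.
    for port in $ALLOWED_TCP_PORTS; do
        run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
            -d "$INSIDE_NET" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Rate-limited log of whatever the DROP policy is about to discard; the
    # physdev match keeps the log limited to bridged traffic.
    run iptables -A FORWARD -m physdev --physdev-is-bridged -m limit --limit 5/min \
        -j LOG --log-prefix "bridge-fw drop: "
}

# Usage: DRY_RUN=1 sh bridge-fw.sh   (review)   /   DRY_RUN=0 sh bridge-fw.sh   (apply)
if [ "${1:-}" = "apply" ] || [ "$DRY_RUN" = 0 ]; then
    bridge_fw_rules
fi
```

Two checks worth doing after applying it: `iptables -L FORWARD -v` should show the physdev counters moving for bridged traffic (if they stay at zero, `net.bridge.bridge-nf-call-iptables` is off or the br_netfilter code is not built in), and the LOG line should name the drops you expect rather than all traffic, which is the symptom of the "insulator" described in the first message.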