On Wednesday 10 November 2004 19:48, TEJAS VORA wrote:

Please use kernel 2.4.27 with this patch applied:
http://prdownloads.sourceforge.net/ebtables/ebtables-brnf-7_vs_2.4.27.diff.gz?download

I can't answer your first question, but the second question is easy to answer: you didn't apply the ebtables-brnf patch, and therefore iptables doesn't see bridged traffic.

Stephen Hemminger
2007-Apr-18 17:22 UTC
[Bridge] Re: Bridge Problem with RedHat and iptables

Since this is a question about the bridge filtering, you probably want to ask:
Bart De Schuymer <bart.de.schuymer@pandora.be>
and/or the ebtables mailing lists.
ebtables-user@lists.sourceforge.net
ebtables-devel@lists.sourceforge.net

Hello,

I am running into a strange problem here. I wrote you a mail earlier also regarding this.

1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of the bridge mode utility and I also tried version 0.94. But whenever I run the bridge mode on this kernel, the kernel panics, saying "aiee - killing interrupt handler". Now I am in a crucial situation here. We are building a product based on kernel version 2.4.18 and running on Redhat 7.3, and we have to set up bridge mode on the machine. But due to this problem we are not able to do that. So please help me: what is the problem here and what could be the solution?

2. Now the second problem is regarding iptables. As the bridge was not working on Redhat 7.3 due to the kernel panicking, I tried it temporarily on Redhat 9.0 (kernel 2.4.20-8), where it is working fine. I set up an FTP transparent proxy on the machine. The configuration is: our machine (with bridge mode and transparent proxy) sits between client and server. It forwards all the traffic to and fro, and for FTP traffic we want to have a transparent proxy in between. The configuration is as shown below.

        Bridge Machine (br0)
        IP : 192.168.11.201 (need to be used as Transparent proxy)
    +---------------------------------------------+
    |                                             |
    |                                             |
    |                                             |
    |                                             |
    |                                             |
    |                                             |
    +---------------------------------------------+
                |       |
              eth0    eth1
                |       |
                |       |
                |       |      FTP Content Server (192.168.11.60) and Internet
                |       +------------------------>
                |
                |
                |
                |     TO INTRANET
                +-------------------------------->

Now the thing is, on the bridge machine I am running an FTP transparent proxy (jftpgw) and I have set up an iptables rule as follows.

    iptables -t nat -A PREROUTING -p tcp -d 0/0 -s 0/0 --dport 21 -j DNAT --to 192.168.11.201:2370

But the strange thing is that before the packet is redirected to port 2370 (to the transparent proxy), the bridge forwards it to the other machine and the packet does not reach port 2370 on the same machine.

So what could be the problem here and what could be the solution for that?

I am in urgent need of help. Please help me and let me know the solution for these problems.

Thank you,
Tejas Vora