Stephen Hemminger
2007-Apr-18 17:22 UTC
[Bridge] bridge only works from certain ip addresses
On Thu, 17 Jun 2004 14:50:47 +0200 Maarten Hilgenga <M.L.Hilgenga@phys.rug.nl> wrote:

> Dear all,
>
> after putting up a bridge to be used as a firewall with the following
> configuration:
>
> linux 2.6.4-52-smp kernel
> bridge-utils 0.9.6-121
> Bridge is setup standard with 2 NIC's and STP off.
>
> I noticed a strange behaviour; when connecting from an outside machine
> with the same iprange as the inside machines (a.b.xxx.xxx) I could
> connect. When trying the same from a non-local machine (c.d.xxx.xxx),
> this didn't work. In both cases the first package arrives at the
> firewall machine at the INPUT chain, and the destination MAC-address is
> correct in both cases. The package from a.b.xxx.xxx also enters the
> FORWARD chain, but this doesn't work for c.d.xxx.xxx. I'd really
> appreciate any help, if you need more info please tell me.

What is the IP route table? Perhaps you don't have routes that know how to get outside your local LAN.

The ebtables list you want is probably ebtables-users@lists.sourceforge.net
Maarten Hilgenga
2007-Apr-18 17:22 UTC
[Bridge] bridge only works from certain ip addresses
Dear all,

after putting up a bridge to be used as a firewall with the following configuration:

linux 2.6.4-52-smp kernel
bridge-utils 0.9.6-121
Bridge is setup standard with 2 NIC's and STP off.

I noticed a strange behaviour; when connecting from an outside machine with the same iprange as the inside machines (a.b.xxx.xxx) I could connect. When trying the same from a non-local machine (c.d.xxx.xxx), this didn't work. In both cases the first package arrives at the firewall machine at the INPUT chain, and the destination MAC-address is correct in both cases. The package from a.b.xxx.xxx also enters the FORWARD chain, but this doesn't work for c.d.xxx.xxx. I'd really appreciate any help, if you need more info please tell me.

Thanks in advance,
Maarten Hilgenga