thr3ads.net - Linux Ethernet Bridging - [Bridge] Bridge and iptables [Feb 2008]

If this information is useful, please help other people find it:
Share via:

Sathyan M

2008-Feb-12 22:19 UTC

[Bridge] Bridge and iptables

Hi,

I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4.
Everything intslled without any issue and i am able to enable the
bridge and traffic is also flowing without any issue.

But i did not see any traffic on the iptables forward chain due to
which i am not able to control the traffic.

Do i requie enable anything more to make the traffic pass through
iptables forward chain.

Please look into the configuration
ip addr
1: lo: <LOOPBACK> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0: <NOARP> mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
3: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
10: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:07:d9:0d:67:5a brd ff:ff:ff:ff:ff:ff
11: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
1000
    link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
    inet 10.10.5.2/24 brd 10.10.5.255 scope global br0

iptables -L -nvx
Chain INPUT (policy ACCEPT 4484 packets, 330543 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain OUTPUT (policy ACCEPT 4105 packets, 2046064 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Leigh Sharpe

2008-Feb-13 19:33 UTC

head link

[Bridge] Bridge and iptables

Bridged traffic is not seen by iptables. You need ebtables instead. 

Regards,
             Leigh
 
Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
Helpdesk 1300 300 616
email lsharpe@pacificwireless.com.au
web www.pacificwireless.com.au
 

-----Original Message-----
From: bridge-bounces@lists.linux-foundation.org
[mailto:bridge-bounces@lists.linux-foundation.org] On Behalf Of Sathyan
M
Sent: Wednesday, 13 February 2008 5:20 PM
To: bridge@lists.linux-foundation.org
Subject: [Bridge] Bridge and iptables

Hi,

I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4.
Everything intslled without any issue and i am able to enable the
bridge and traffic is also flowing without any issue.

But i did not see any traffic on the iptables forward chain due to
which i am not able to control the traffic.

Do i requie enable anything more to make the traffic pass through
iptables forward chain.

Please look into the configuration
ip addr
1: lo: <LOOPBACK> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tunl0: <NOARP> mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
3: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
10: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:07:d9:0d:67:5a brd ff:ff:ff:ff:ff:ff
11: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
    inet 10.10.5.2/24 brd 10.10.5.255 scope global br0

iptables -L -nvx
Chain INPUT (policy ACCEPT 4484 packets, 330543 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain OUTPUT (policy ACCEPT 4105 packets, 2046064 bytes)
    pkts      bytes target     prot opt in     out     source
     destination
_______________________________________________
Bridge mailing list
Bridge@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/bridge

richardvoigt at gmail.com

2008-Feb-14 05:27 UTC

head link

[Bridge] Bridge and iptables

On Feb 14, 2008 3:41 AM, Leigh Sharpe <lsharpe at pacificwireless.com.au>
wrote:> Bridged traffic is not seen by iptables. You need ebtables instead.
Bridged traffic is not seen by iptables alone. You need bridge-nf as well.

There, I fixed it for you.

"The br-nf code makes bridged IP frames/packets go through the iptables
chains."
http://ebtables.sourceforge.net/brnf-faq.html

>
> Regards,
>              Leigh
>
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> Helpdesk 1300 300 616
> email lsharpe at pacificwireless.com.au
> web www.pacificwireless.com.au
>
>
>
> -----Original Message-----
> From: bridge-bounces at lists.linux-foundation.org
> [mailto:bridge-bounces at lists.linux-foundation.org] On Behalf Of Sathyan
> M
> Sent: Wednesday, 13 February 2008 5:20 PM
> To: bridge at lists.linux-foundation.org
> Subject: [Bridge] Bridge and iptables
>
> Hi,
>
> I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4.
> Everything intslled without any issue and i am able to enable the
> bridge and traffic is also flowing without any issue.
>
> But i did not see any traffic on the iptables forward chain due to
> which i am not able to control the traffic.
>
> Do i requie enable anything more to make the traffic pass through
> iptables forward chain.
>
> Please look into the configuration
> ip addr
> 1: lo: <LOOPBACK> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: tunl0: <NOARP> mtu 1480 qdisc noop
>     link/ipip 0.0.0.0 brd 0.0.0.0
> 3: gre0: <NOARP> mtu 1476 qdisc noop
>     link/gre 0.0.0.0 brd 0.0.0.0
> 10: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
>     link/ether 00:07:d9:0d:67:5a brd ff:ff:ff:ff:ff:ff
> 11: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
>     link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
> 12: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>     link/ether 00:07:d9:0d:67:03 brd ff:ff:ff:ff:ff:ff
>     inet 10.10.5.2/24 brd 10.10.5.255 scope global br0
>
> iptables -L -nvx
> Chain INPUT (policy ACCEPT 4484 packets, 330543 bytes)
>     pkts      bytes target     prot opt in     out     source
>      destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>     pkts      bytes target     prot opt in     out     source
>      destination
>
> Chain OUTPUT (policy ACCEPT 4105 packets, 2046064 bytes)
>     pkts      bytes target     prot opt in     out     source
>      destination
> _______________________________________________
> Bridge mailing list
> Bridge at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
>
> _______________________________________________
> Bridge mailing list
> Bridge at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
>

Maybe Matching Threads

Search for more possibly parallel threads

Linux Ethernet Bridging - Feb 2008 - [Bridge] Bridge and iptables

[Bridge] Bridge and iptables

[Bridge] Bridge and iptables

[Bridge] Bridge and iptables

Maybe Matching Threads