similar to: [Bug 570] PREROUTING is unaware of VLAN interfaces

hi i have gone through the achieves but still could not get my bridge to suvive a reboot . please can anyone help me am using fedora core 2 -----Original message----- From: bridge-request@lists.osdl.org Date: Fri, 28 Jan 2005 03:08:06 +0100 To: bridge@lists.osdl.org Subject: Bridge Digest, Vol 17, Issue 25 > Send Bridge mailing list submissions to > bridge@lists.osdl.org > >

Hello, Due to a recent change in the bridge code, we now need a way of knowing if a packet has been defragmented. The bridge code now checks on the packet size and drops packets that are too big for the output port. Defragmented packets will get refragmented later, so they shouldn't be dropped. I've been reading the defragmentation code and can't find an easy way of knowing if a

> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 ------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET ------- This problem prevents AJAX web sites to be hosted on the internal web server, because many packets will be dropped instead of passing into PREROUTING chain... -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email

I have to match my packets based on MAC address, which I cannot do in the POSTROUTING chain, so I do it in PREROUTING using MARK. Then, I match on the MARK in the POSTROUTING chain to do a CLASSIFY. But this does not seem to work: wireless-r1 bwlimit # iptables -L -v -n -t mangle Chain PREROUTING (policy ACCEPT 3353K packets, 941M bytes) pkts bytes target prot opt in out source

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

Hi, please Cc: all replies, I'm not subscribed I seem to have troubles with my Linux bridge (2.6.8-rc2), which is apparently not bridging UDP fragments (NFS) when passing packets through iptables, but I do not see in the iptables stats where the packets are dropped. Policies for INPUT, FORWARD, OUTPUT are all "ACCEPT", and I grepped for all REJECT and DROP rules in iptables -nvL,

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hiyas, Is there a patch for the 2.4.x series to do ip6tables bridging of IPv6 packets? I was unable to go to 2.6 due to issues with large packets so still living in 2.4 land. If there are no patches, any ideas on what gets patched in IPv4 to allow this bridging? -Scott __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

Hi Dave, The patch below lets the bridge compile when CONFIG_BRIDGE_NETFILTER isn't enabled. This patch is an update of M.J. Miroslaw's patch that arrived through private mail. cheers, Bart --- linux-2.6.0-test10/net/bridge/br.c.old Wed Nov 26 01:28:16 2003 +++ linux-2.6.0-test10/net/bridge/br.c Wed Nov 26 01:31:54 2003 @@ -32,7 +32,7 @@ int (*br_should_route_hook) (struct sk_b

Hello, I how an embedded processor that needs to act as a bridge between a wireless and wired network. I have managed to bring up the bridge fine. I can also bring up the bridge with a static ip address. However I can not figure out how to bring up the bridge with a dynamic ip address. Is it possible to for a bridge to get a dynamically assigned ip address? Oliver

http://bugzilla.netfilter.org/show_bug.cgi?id=570 Summary: iptables save saves broken rules for -m owner Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P1 Component: iptables-save AssignedTo: laforge at netfilter.org ReportedBy:

I would like to set up an ACL for an ethernet port using ebtables rules, and if a security violation occurs, to physically disable the port (i.e. whatever "ifconfig down" does). I did not see such a feature in the ebtables man page. Does this exist anywhere, or do I have to create a new extension for it? -- Dan Eble <dane@aiinet.com> _____ . | _

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

Hello, my current network setup looks like the following: dom2-eth0 (172.30.1.22) netmask /24 | | xen-br1 (no ip) | dom1-eth0 (172.30.1.21) netmask /24 dom1-eth1 (172.30.0.21) netmask /24 | | xen-br10 (172.30.0.1) netmask /24 | dom0 | | xen-br0 (normal IP) | eth0 (same IP as xen-br0) |

Hi, this is my Linux Box ---------------------------- LAN 1 -----|--eth1 <---br1--->eth0.1 | | \ | | eth0--|----- 802.1q tagged 1 Mbps link | / | LAN 2 -----|--eth2 <---br2--->eth0.2 | ---------------------------- I have to bridge the 2 lans

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400 ------- Additional Comments From kaber@trash.net 2006-01-25 12:55 MET ------- Please add a LOG rule to PRE_ROUTING in the mangle table and post the output. BTW, are you using hardware checksumming (check with ethtool) on the underlying ethernet device? -- Configure bugmail:

Hi! After having wrestled with rsync and several patches I found a solution to synchronize block devices: BDsync. Bdsync can be used to synchronize block devices over a network. It generates a "binary diff" in an efficient way by comparing MD5 checksums of 32k blocks of block devices. This binary diff can be applied to "destination" after which the local blockdevices are