similar to: [Bridge] bridge only works from certain ip addresses

Hi all, This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work! I have a bridge setup on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch: [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router] I have squid setup on the linux box and it works, I have

Perhaps someone can help me understand why this is happening. I''m trying to write a script using ''shorewall iprange'' to parse some ip ranges into subnets so that i can place them into the blocklist. I keep getting an error when i run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>

http://bugzilla.netfilter.org/show_bug.cgi?id=639 Summary: iptables iprange Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: paulo.santos at

http://bugzilla.netfilter.org/show_bug.cgi?id=711 Summary: iptables -m iprange causes unknown error Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog at

Ok, I give up. I tried, really hard, before asking but I must be the most stupid shorewall user on the planet :( My laptop runs a single eth0 interface and knows Net and Firewall as zones and the default "inbound" policies are Net->Any DROP and >ny->Any REJECT. Now at home I have my trusted 192.168.174.240/29 subnet which hosts my very trusted 192.168.174.242 host and I

Hi, I have the following problem while activating this rule entry using shorewall-shell: ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535 "-m iprange" in front of "--dst-range" is missing in the activation command. The logging entry (above) is set correct. Below is the debug output. Thanks Regards Günter + case $level in +

hello i am a new user for this group. i am working at a ISP. here i want to made a bridge firewall i am using fedora core 3. i want to block a serirs of ip address 192.16.18.0/255.255.255.0 and want to give the accesss only 172.16.18.0/255.255.255.0. but iptables not be able to block ip;s its passes all the ip series. i made my machine as bridge. i think my bridge passes all the

Hello, I am running into a strange problem here. I wrote you a mail earlier also regarding this. 1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of brdige mode utility and also I tried version 0.94 as well. But whenever I run the brdige mode on this kernel - the kernel goes panic saying "aiee - killing interrupt handler". Now I am in a

Hello all, I am new to Linux Ethernet bridging. Let me first start with what I am trying to achieve. Well you see - I am attempting to have 2 main firewall running at the same time - one as a master and the other one as a slave. Yes, I would like to make use of Ethernet bridging in this scenario - as I understand it, all I need are two machines and STP enabled. I am running Debian

Hi, I'm relatively new to linux world.I'm just trying to setup a bridge firewall between a router and LAN. I've installed Red Hat Linux 9.0 - 2.4.20-8 from installation CDs and upgraded to 2.4.25 successfully. I've patched my kernel to support bridge firewall also loaded ebtables module,so far so good.Now I tried to create a bridge using the code given in the following link

Hi everyone, I am working on packet filtering at mac layer. I want to use ebtables. I am using Fedora core 2. But I am unable use the ebtables eventhough all the modules are enabled at the time of kernel compilation. Plz suggest me how to use ebtables in Fedora core 2 Phani

Hello all! I try to use network filters for openvswitch interfaces.  This is the xml configuration of my bridge interface <interface type='bridge'>    <mac address='00:11:22:33:44:55'/>    <source bridge='virbr1'/>    <virtualport type='openvswitch'>         <parameters interfaceid='0529d6b5-627c-4330-803f-0d7018e6d496'/>   

Dear all, I am working on a linux box (2.4.22 kernel) which is used as a bridge. And I want to add traffic control rules on it by client''s MAC. Does anyone has such experience on how to do that? Thank you very much!! Best regards, Henry _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Is there a way to prevent hwaddr/mac address spoofing between DomU''s? So in a way ''binding'' a mac-address on boot time with a virtual interface? (with something like ebtables/arptables/etc?) Stefan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla -

Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: unicast-flooding-2.6.20.4.patch Type: text/x-patch Size: 3300 bytes Desc: not available Url : http://lists.linux-foundation.org/pipermail/bridge/attachments/20070416/4585d8f0/unicast-flooding-2.6.20.4-0002.bin

I have a linux AP with prism2 (hostap) wireless nic. I whant to filter traffic that pass betwen clients of the AP, this is layer 2 traffic (802.11) and netfilter does not sees it, at first i think in physdev target, but is for layer2 bridged interfaces, and this is not the case. There is a way to filter layer2 traffic independet if it is from a bridged iface or not? -- Luciano

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

I would like to set up an ACL for an ethernet port using ebtables rules, and if a security violation occurs, to physically disable the port (i.e. whatever "ifconfig down" does). I did not see such a feature in the ebtables man page. Does this exist anywhere, or do I have to create a new extension for it? -- Dan Eble <dane@aiinet.com> _____ . | _

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet