similar to: [Bridge] RH 9 problems iptbles + bridge

Tom Eastep wrote: > | Have you applied the ipsec+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It

Hello, I am running into a strange problem here. I wrote you a mail earlier also regarding this. 1. I am trying to run the bridge mode over Redhat 7.3 (kernel 2.4.18). I tried the latest version of brdige mode utility and also I tried version 0.94 as well. But whenever I run the brdige mode on this kernel - the kernel goes panic saying "aiee - killing interrupt handler". Now I am in a

> From: "Roy" <roy@xxx.lt> > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it > is possible > in

Hello, Due to a recent change in the bridge code, we now need a way of knowing if a packet has been defragmented. The bridge code now checks on the packet size and drops packets that are too big for the output port. Defragmented packets will get refragmented later, so they shouldn't be dropped. I've been reading the defragmentation code and can't find an easy way of knowing if a

-----Original Message----- >From: Tommy Christensen [mailto:tommy.christensen@tpack.net] >Sent: Wednesday, October 08, 2003 10:09 AM >To: Christian Darnell >Cc: 'Linux 802.1Q VLAN'; Bart De Schuymer; netdev@oss.sgi.com; bridge >Subject: Re: [Bridge] RE: [VLAN] Re: [PATCH/RFC] Let {ip, arp}tables >"see" bridged VLAN tagged{I,AR}P packets > > > >This

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hi, I had successfully setup my bridge (br0) but after few minutes the br0 interface seems not working. ifconfig eth0 0.0.0.0 ifconfig eth5 0.0.0.0 brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth5 brctl stp br0 on I check on my system's /var/log/syslog file. It shows something strange messages as below: - Jan 2 10:44:22 fw01 kernel: ipt_tcpmss_target: bad length (64 bytes)

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

Hi, [sorry for the crosspost, I don''t know whether this is a routing or ebtables problem] I want to redirect all HTTP traffic passing through my bridge to a squid proxy on another machine. However, setting up brouting as suggested in the ebtables examples doesn''t work and the packets get dropped on the floor completely. /\/\/\/\/\/\/\/\ +----------------------+

Hi, please Cc: all replies, I'm not subscribed I seem to have troubles with my Linux bridge (2.6.8-rc2), which is apparently not bridging UDP fragments (NFS) when passing packets through iptables, but I do not see in the iptables stats where the packets are dropped. Policies for INPUT, FORWARD, OUTPUT are all "ACCEPT", and I grepped for all REJECT and DROP rules in iptables -nvL,

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

Hiyas, Is there a patch for the 2.4.x series to do ip6tables bridging of IPv6 packets? I was unable to go to 2.6 due to issues with large packets so still living in 2.4 land. If there are no patches, any ideas on what gets patched in IPv4 to allow this bridging? -Scott __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages!

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

Hi Dave, The patch below lets the bridge compile when CONFIG_BRIDGE_NETFILTER isn't enabled. This patch is an update of M.J. Miroslaw's patch that arrived through private mail. cheers, Bart --- linux-2.6.0-test10/net/bridge/br.c.old Wed Nov 26 01:28:16 2003 +++ linux-2.6.0-test10/net/bridge/br.c Wed Nov 26 01:31:54 2003 @@ -32,7 +32,7 @@ int (*br_should_route_hook) (struct sk_b

Hi, I found this block of code in br_dev_queue_xmit() @ br_forward.c, after applying 'netfilter' patch for 2.4.21 kernel Can someone explain what this block of code is doin? #ifdef CONFIG_NETFILTER if (skb->nf_bridge) memcpy(skb->data - 16, skb->nf_bridge->hh, 16); #endif 1. What is 16 bytes here...? Ethernet hdr is just 14 bytes 2. Why the ethernet

Can someone help me to do ''tc filter'' by MAC Address? I use HTB in my setup and it works wonderfully for IP, but I need to shape NAT connections, and I can''t do it using IP addresses. Any suggestions welcome! Marcio Fraisleben Dias NetUnião Ltda. Internet Banda Larga - Soluções em Networking (55) 42 523 4100 _______________________________________________ LARTC

Hello, I how an embedded processor that needs to act as a bridge between a wireless and wired network. I have managed to bring up the bridge fine. I can also bring up the bridge with a static ip address. However I can not figure out how to bring up the bridge with a dynamic ip address. Is it possible to for a bridge to get a dynamically assigned ip address? Oliver

I would like to set up an ACL for an ethernet port using ebtables rules, and if a security violation occurs, to physically disable the port (i.e. whatever "ifconfig down" does). I did not see such a feature in the ebtables man page. Does this exist anywhere, or do I have to create a new extension for it? -- Dan Eble <dane@aiinet.com> _____ . | _

Ahoy, I've encountered some confusing semantics with using PACKET(7) sockets on bridge-enslaved interfaces. Specifically, if my socket accepts all types of frame (bind() to ETH_P_ALL) then it gets all packets; but if it accepts any specific type (e.g. ETH_P_IP), then it receives no packets at all. That is how it's coded in net/core/dev.c's netif_receive_skb(). First ETH_P_ALL