[Gllug] Iptables with bridge

Chris Bell chrisbell at overview.demon.co.uk
Tue Jun 21 19:09:11 UTC 2005


Hello,
   I have an old box with Debian Sarge and three ethernet cards running
brctl (bridge control) as a 2-way bridge to FORWARD packets under iptables
rules, while the third interface is only used for remote admin access from
a specified source under iptables rules. This works as I would expect.



   I have another old box with Debian Sarge and three ethernet cards running
brctl (bridge control) as a 3-way bridge to FORWARD packets under iptables
rules.

   All interfaces are shown normally as "UP", but they appear to only work
as part of the bridge, not as individual interfaces. Is this the expected
action?

   I can ping any external IP address from the box if I specify the start
interface as br0 but not if I specify the correct interface as eth0, eth1,
or eth2, so the following works:

# ping -I br0 nn.nn.nn.nn

   I can ping the box from any external box with IP address nn.nn.nn.nn if
the INPUT policy is DROP as long as I include the rule

# iptables -A INPUT -s nn.nn.nn.nn -j ACCEPT

or

# iptables -A INPUT -i br0 -s nn.nn.nn.nn -j ACCEPT

but not if I specify a restriction on the ethernet interface as in

# iptables -A INPUT -i eth0 -s nn.nn.nn.nn -j ACCEPT

-- 
Chris Bell
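The behaviour described in this post, where an INPUT rule with "-i eth0" never matches on the bridged box while "-i br0" does, is what the Linux bridge produces: once eth0, eth1 and eth2 are enslaved to br0, netfilter sees br0 as the incoming interface and the IP address lives on br0, so a rule keyed on a physical port silently matches nothing (and ping cannot bind to the bare port either). Restricting admin access to one physical port therefore needs the iptables physdev match rather than "-i". The script below is an added example, not code from the post or from the Debian or iptables projects. It reads /sys/class/net/IFACE/brport/bridge, which the kernel exposes as a symlink to the bridge device for every enslaved port, to decide whether an interface is a bridge port, and prints the INPUT rule that would actually match. The interface names, the 192.0.2.10 admin address and the optional sysfs-root argument (a hook so the check can be exercised against a constructed directory tree) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): tell whether an interface is a
# bridge port, because iptables never sees a bridge port as the in-interface
# ("-i eth0"); the packet arrives on br0. Matching by physical port needs
# "-m physdev --physdev-in". The SYSFS_ROOT argument is a test hook so the
# lookup can run against a constructed tree; on a real host omit it and
# /sys is used.

# bridge_port_of IFACE [SYSFS_ROOT]
# Prints the bridge IFACE belongs to and exits 0; prints nothing and exits 1
# if IFACE is not enslaved to a bridge.
bridge_port_of() {
    iface=$1
    root=${2:-/sys}
    link="$root/class/net/$iface/brport/bridge"
    # The kernel exposes each port's bridge as a symlink to the bridge device.
    if [ -L "$link" ]; then
        basename "$(readlink "$link")"
        return 0
    fi
    return 1
}

# input_rule_for IFACE SRC [SYSFS_ROOT]
# Prints the INPUT rule that actually matches traffic from SRC on IFACE:
# plain "-i IFACE" for an ordinary interface, the physdev match for a bridge
# port (bridge-netfilter must be active for physdev to see port information).
input_rule_for() {
    iface=$1
    src=$2
    root=${3:-/sys}
    if bridge_port_of "$iface" "$root" >/dev/null; then
        printf 'iptables -A INPUT -m physdev --physdev-in %s -s %s -j ACCEPT\n' "$iface" "$src"
    else
        printf 'iptables -A INPUT -i %s -s %s -j ACCEPT\n' "$iface" "$src"
    fi
}

# Usage: ./bridge-check.sh eth0 192.0.2.10   (192.0.2.10 is a placeholder admin host)
if [ $# -ge 2 ]; then
    if br=$(bridge_port_of "$1"); then
        echo "$1 is a port of bridge $br: '-i $1' will not match, use physdev"
    else
        echo "$1 is not a bridge port: '-i $1' matches normally"
    fi
    input_rule_for "$1" "$2"
fi
```

The physdev match depends on bridge-netfilter: on the 2.6 kernels of the Sarge era it was compiled in and enabled by default, whereas on current kernels the br_netfilter module must be loaded and net.bridge.bridge-nf-call-iptables set to 1; without it the physdev match has no port information to work with, and the FORWARD chain does not see bridged traffic at all. Either way, a rule written with "-i eth0" on a bridge port is a rule that never fires, so an INPUT policy of DROP with only such rules locks out the intended admin host rather than restricting anyone else.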

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug