[Gloucs] Bridging Firewall

Gavin Robertson gmr_lists at mail.com
Thu Jan 8 15:54:08 GMT 2004


After more research, the answer to question one is to use the physdev module for iptables, only available for kernel versions above version 2.5.44, most likely part of ebtables. The other thing was an internal routing thing.

Thanks Gavin 

----- Original Message -----
From: "Gavin Robertson" <gmr_lists at mail.com>
Date: Wed, 07 Jan 2004 11:19:10 +0000
To: gloucs at mailman.lug.org.uk
Subject: [Gloucs] Bridging Firewall

> Hello all
> 
> I'm building a bridging firewall and have some iptables questions that maybe somebody can help me with.
> So far the bridge is up and working; the config is below.
> 
> eth0 --> lan with ip  -- will be used for ssh configuration
> eth1 --> lan no ip 
> eth2 --> router no ip
> br0  --> (eth1 + eth2) no ip
> 
> lan -- eth1+eth2 -- router
> 
> 
> First, can you refer to eth1 and eth2 in your iptables script, or do you refer to br0?
> 
> When I configure iptables to accept all and log everything on FORWARD "--log-level=6", it seems to use eth0 as the IN and forward to br0, although "OUT=" (blank) is displayed in the log. Perhaps it is because it is a broadcast?
> 
> Jan  7 10:21:16 unicorn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:b7:65:4b:d3:08:00 SRC=192.168.100.253 DST=192.168.100.255 LEN=867 TOS=0x00 PREC=0x00 TTL=60 ID=56364 PROTO=UDP SPT=3052 DPT=3052 LEN=847
> 
> Any help appreciated.
> 
> Gavin

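Added example, not part of the original thread: a small decoder for netfilter LOG entries like the one quoted above, which splits the `MAC=` field into destination MAC, source MAC and EtherType and reports whether the entry carries the `PHYSIN=`/`PHYSOUT=` bridge-port fields that the physdev match works on. The function name `parse_log_line` and the second sample line are constructed for illustration.

```python
import re

# Line 1 is the log entry quoted in the post. Line 2 is constructed for this
# example: a packet crossing the bridge, where LOG also prints PHYSIN=/PHYSOUT=.
SAMPLE_LOG = [
    "Jan  7 10:21:16 unicorn kernel: IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:c0:b7:65:4b:d3:08:00 SRC=192.168.100.253 "
    "DST=192.168.100.255 LEN=867 TOS=0x00 PREC=0x00 TTL=60 ID=56364 "
    "PROTO=UDP SPT=3052 DPT=3052 LEN=847",
    "Jan  7 10:22:01 unicorn kernel: IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 "
    "MAC=00:11:22:33:44:55:00:c0:b7:65:4b:d3:08:00 SRC=192.168.100.10 "
    "DST=192.0.2.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP "
    "SPT=40000 DPT=80",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_log_line(line):
    """Decode the interface and link-layer fields of one LOG entry."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first LEN= is the IP length

    info = {
        "in_if": fields.get("IN") or None,
        "out_if": fields.get("OUT") or None,      # empty OUT= -> no output device
        "phys_in": fields.get("PHYSIN") or None,  # bridge port the frame arrived on
        "phys_out": fields.get("PHYSOUT") or None,
        "dst_mac": None, "src_mac": None, "ethertype": None,
    }
    # For Ethernet, MAC= is the 14-byte header: destination, source, EtherType.
    octets = fields.get("MAC", "").lower().split(":")
    if len(octets) == 14:
        info["dst_mac"] = ":".join(octets[:6])
        info["src_mac"] = ":".join(octets[6:12])
        info["ethertype"] = "".join(octets[12:])
    info["l2_broadcast"] = info["dst_mac"] == BROADCAST
    info["bridged"] = bool(info["phys_in"] or info["phys_out"])
    return info


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_log_line(entry))
```

For the entry from the post this reports an Ethernet broadcast from 00:c0:b7:65:4b:d3 received on eth0, with no output device and no bridge-port fields.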