
Re: Bridging



I looked in my kernel for bad memory support, but could not find it.

Anyways, I am using transparent bridging with ebtables atm.

Seems to work pretty good with one processor. On dual processor machines, things 
start acting strange.

My bridge: 

#!/bin/sh
# filename   : bridge_on.sh
# description: turns on transparent bridge

# Interface names (no spaces around "=" in sh assignments).
# LOCAL is defined but not added to the bridge below.
LOCAL=eth0
QWEST=eth1
INSIDE=eth2

# Create the bridge device
/usr/sbin/brctl addbr br0

/bin/echo "STP is only needed if there is more than one bridge"
/bin/echo "turn off stp on br0"
/usr/sbin/brctl stp br0 off

# Attach both bridged interfaces to br0
/bin/echo "add $QWEST to virtual unit br0"
/usr/sbin/brctl addif br0 "$QWEST"

/bin/echo "add $INSIDE to virtual unit br0"
/usr/sbin/brctl addif br0 "$INSIDE"

# Bring br0 up without an IP address so the bridge stays transparent
/bin/echo "turning off and on reset bridge"
/sbin/ifconfig br0 down
/sbin/ifconfig br0 0.0.0.0 up

I think iptables is better than ebtables for firewalling. 
Ebtables only drops frames. With bridge routing it does some stuff that is a little
more difficult to understand. Thus, I will not give my ebtables rules.



On 12/03/05 20:54 -0500, tps@unslept.com wrote:
> On Sat, Mar 12, 2005 at 07:20:26PM +0100, Jogi Hofmueller wrote:
> > Hi!
> > 
> > tps@unslept.com wrote:
> > 
> > >Has anyone played with iptables bridging under either 2.4 or 2.6 kernels?
> > 
> > A while ago, yes. But only using 2.4 kernels.
> > 
> > >but nothing actually passes the bridge, although you can see the traffic on
> > >both NICs from the bridge box itself. The 2.4 kernels work for bridging,
> > >but it doesn't seem to respect the logging directives, so the packets
> > >are never logged. I'm doing this all remotely, so when I screw up, it means
> > >someone either flushing the tables, or rebooting the box.
> > 
> > AFAIR one had to apply a certain patch to enable bridging AND iptables.
> > Could not find it anymore though ...
> 
> Duh. Thanks for a kick in the memory. 'ebtables'. ebtables.sourceforge.net
> 
> Sigh. Gotta lay off the coffee and try sleep. The old memorybank seems
> to function better at that point...
> 
> Tim
> 
> -- 
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> >> Tim Sailer (at home)             ><  Coastal Internet, Inc.          <<
> >> Network and Systems Operations   ><  PO Box 726                      <<
> >> http://www.buoy.com              ><  Moriches, NY 11955              <<
> >> tps@unslept.com/tps@buoy.com     ><  (631)399-2910  (888) 924-3728   <<
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> 
> 
> 

-- 
------------------------------------------
Ted Knab
Chester, Maryland  21619 USA
------------------------------------------
The perception of knowledge is an egotistical farce in which
humans extrapolate from simplifications.

Proud Graduate of the 'Wack a Mole' Academy of Psydo Sciences.

Legal Disclaimer:
-------------------------------------
This e-mail is privileged, confidential and subject to the
GNU public licence. Any unauthorized use or disclosure of its contents is 
strictly prohibited and will result in a intensive investigation by the
unofficial enforcement agencies whom are watching you read this email.
The views expressed in this communication may not necessarily be 
the views held by the Scottish Borders Council, the Japanese Education Ministry,
the Annapolis Linux Users group, or the author whom composed it.


