Bridge-nf iptables frustration

Bridge-nf iptables frustration

Post by tyler » Thu, 24 Jul 2003 10:18:41



Running Slackware 9 (kernel 2.4.20) patched with
bridge-nf-0.0.10-against-2.4.20.diff and ebtables 2.0.4. Firewalled
bridge has been running fine for over a month, I have certain ports
blocked and it has been working as expected thus far.

Now, I want to block certain ports going one direction. I.e., if a
packet comes in on one interface, forward it. If it comes in another
interface, drop it.

Googling, I found many many examples of this, for example:

iptables -A FORWARD --in-interface eth1 --out-interface eth0 -p tcp
--dport 8080 -j LOG
iptables -A FORWARD --in-interface eth1 --out-interface eth0 -p tcp
--dport 8080 -j REJECT

I can type these commands in without error, but the rules have no
effect. No packets match the rules and they all get forwarded without
logging.

The exact same iptables command without specifying the interfaces
works fine (though of course it blocks both directions).

So... what's the deal?? Help!!

Additional info:


bridge name     bridge id               STP enabled     interfaces
br0             8000.000bcd4ee2aa       yes             eth0
                                                        eth1


Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
LOG        tcp  --  anywhere             anywhere           tcp
dpt:8080 LOG level warning
REJECT     tcp  --  anywhere             anywhere           tcp
dpt:8080 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 
 
 

1. bridge-nf, Vlans and iptables

Hello all,

I am trying to use the bridge-nf patch with a bridge that is bridging
two vlan interfaces.

I tested the bridge and found it to work. I tested iptables on the
bridge (while not using vlans) and found it to work.

When using the bridge with vlans I found that the filters don't work.

I read in the 'todo' file that forwarding and vlans have problems but
I tries PREROUTING and POSROUTING and could not get those to work
either (doesn't make sense to use them with a bridge but it doesn't
hurt to try:))

My questions are:

1) Could I get this to work now and if so how?

2) When will the bridge-nf support vlans?

Thanks,

Ron.

2. REPOST: Re: UU.net and rDNS Was: UUNET WorldCom Files Suit Against TCPS

3. Bridge-nf problem with "iptables FORWARDING --in-interface eth0"

4. UMSDOS kernal with Ne200 support

5. bridge-nf, Vlans and iptables

6. Newbie help

7. bridging, iptables, ipchains

8. theinquirer

9. Firewalling bridge with 2.4.x and iptables

10. iptables not filtering packets thru bridge

11. Bridge+IPtables

12. iptables on bridge chain tranversal question

13. bridging and iptables -- strange behaviour