[Firewall] Bridging

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Mar 11 13:19:15 CET 2009


I don't know much about bridges but I think eth0 should go into EXT_IF 
and br0 into TRUSTED_IF.... Although I don't really understand why the 
forward-in is the same as the forward-out, but again that's probably due to 
my limited knowledge about bridges....

a.

Mark van Dijk wrote:
> BTW here is one of the logs:
> Mar 10 14:46:13 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0
> PHYSOUT=eth0 SRC=89.188.xxx.xx DST=83.188.xxx.xxx PROTO=UDP DPT=DNS(53) SPT=55685
> TTL=64
> 
> This should just work.
> 
> Greetings,
> -Mark.
> 
> 
> On Tue, Mar 10, 2009 at 02:36:10PM CET, Mark van Dijk spoke 0.7K bytes, saying:
> 
>> Hi,
>>
>> I started using qemu. I have 8 public IPs. One of them is for the qemu client.
>>
>> What I did was this:
>>
>> * ifconfig eth0 promisc up
>> * add br0 and add eth0 to it
>> * give br0 public IPs minus one
>> * run qemu which connects to tap0
>> * add tap0 to br0
>> * give a public IP to the qemu host
>>
>>
>> I don't get any sort of communication when I try to ping it from the internet.
>> I have put br0 to EXT_IF and tap0 to INT_IF. Should I put eth0 anywhere? Dunno
>> if that's the proper procedure.  How do I get this to work?
>>
>> Thanks,
>> -Mark.
>>
>>
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
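
Added example, not part of the thread and not arno-iptables-firewall code: when bridge netfilter is enabled, a frame bridged between two ports of br0 passes through the iptables FORWARD chain with IN and OUT both set to the bridge, and only PHYSIN/PHYSOUT name the ports, which is what the quoted log entry shows. The script below picks such drops out of a log; the sample lines are constructed on the model of that entry, with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the thread
# (addresses are documentation ranges, not the poster's).
SAMPLE_LOG = """\
Mar 10 14:46:13 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP DPT=DNS(53) SPT=55685 TTL=64
Mar 10 14:46:15 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TTL=55
Mar 10 14:46:20 AIF:Dropped INPUT packet: IN=br0 OUT= PHYSIN=eth0 SRC=203.0.113.7 DST=192.0.2.9 PROTO=TCP DPT=23 SPT=40112 TTL=55
Mar 10 14:46:31 AIF:Dropped FORWARD packet: IN=eth1 OUT=br0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=22 SPT=51000 TTL=63
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")      # KEY=value pairs, value may be empty
CHAIN_RE = re.compile(r"Dropped (\w+) packet")  # chain name in the AIF log prefix


def parse_line(line):
    """Turn one log line into a dict of its KEY=value fields plus CHAIN."""
    fields = dict(FIELD_RE.findall(line))
    m = CHAIN_RE.search(line)
    fields["CHAIN"] = m.group(1) if m else ""
    return fields


def classify(f):
    """Return 'bridged', 'routed' or 'local' for a parsed log entry."""
    if f["CHAIN"] != "FORWARD":
        return "local"  # INPUT/OUTPUT: traffic to or from the firewall host itself
    same_bridge = bool(f.get("IN")) and f.get("IN") == f.get("OUT")
    physin, physout = f.get("PHYSIN"), f.get("PHYSOUT")
    # Bridged frame: enters and leaves the same bridge, through different ports.
    if same_bridge and physin and physout and physin != physout:
        return "bridged"
    return "routed"


def bridged_drops(log_text):
    """Count dropped bridged frames per (PHYSIN, PHYSOUT) port pair."""
    pairs = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if classify(f) == "bridged":
            pairs[(f["PHYSIN"], f["PHYSOUT"])] += 1
    return pairs


if __name__ == "__main__":
    for (pin, pout), n in bridged_drops(SAMPLE_LOG).items():
        print(f"{n} bridged drop(s) {pin} -> {pout}")
```

A rule set that filters only on IN/OUT cannot tell these two directions apart; the iptables `physdev` match (`--physdev-in`, `--physdev-out`, `--physdev-is-bridged`) is the mechanism that distinguishes bridge ports.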

