[Firewall] Bridging

Mark van Dijk mark at voidzero.net
Wed Mar 11 14:41:28 CET 2009


 OK - I discovered that the issue has been solved by adding:
iptables -A FORWARD -i br0 -o br0 -j ACCEPT
to the custom rules.

Maybe you could put something like this in the firewall.conf configuration,
or create a plugin for it? It would be very convenient for new users with no
prior knowledge about AIF's internals.

Mark
 
----------------original message-----------------
From: "Arno van Amersfoort" arnova at rocky.eld.leidenuniv.nl
To: "Arno's IPTABLES firewall script" firewall at rocky.eld.leidenuniv.nl
Date: Wed, 11 Mar 2009 13:19:15 +0100
-------------------------------------------------
 
 
> I don't know much about bridges but I think eth0 should go into EXT_IF 
> and br0 into TRUSTED_IF.... Although I don't really understand why the 
> forward-in is the same as the forward-out, but again that's probably due to 
> my limited knowledge about bridges....
> 
> a.
> 
> Mark van Dijk wrote:
>> BTW here is one of the logs:
>> Mar 10 14:46:13 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0
>> PHYSOUT=eth0 SRC=89.188.xxx.xx DST=83.188.xxx.xxx PROTO=UDP 
>> DPT=DNS(53) SPT=55685
>> TTL=64
>> 
>> This should just work.
>> 
>> Greetings,
>> -Mark.
>> 
>> 
>> On Tue, Mar 10, 2009 at 02:36:10PM CET, Mark van Dijk spoke 0.7K bytes, 
>> saying:
>> 
>>> Hi,
>>>
>>> I started using qemu. I have 8 public IPs. One of them is for the qemu 
>>> client.
>>>
>>> What I did was this:
>>>
>>> * ifconfig eth0 promisc up
>>> * add br0 and add eth0 to it
>>> * give br0 public IPs minus one
>>> * run qemu which connects to tap0
>>> * add tap0 to br0
>>> * give a public IP to the qemu host
>>>
>>>
>>> I don't get any sort of communication when I try to ping it from the 
>>> internet.
>>> I have put br0 to EXT_IF and tap0 to INT_IF. Should I put eth0 anywhere? Dunno
>>> if that's the proper procedure. How do I get this to work?
>>>
>>> Thanks,
>>> -Mark.
>>>
>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>> 
> 
> -- 
> Arno van Amersfoort
> E-mail : arnova at rocky.eld.leidenuniv.nl
> Donations are welcome through Paypal!
> 
> 
> 
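
Added example (not part of the original thread and not code from Arno's firewall script): the rule in the reply accepts every frame forwarded across br0, so the sketch below reads AIF drop-log lines of the form quoted in the thread and emits one physdev-scoped ACCEPT rule per bridge port pair instead. The sample log lines, their addresses and the function names are constructed for illustration; the physdev match is usable here because the PHYSIN/PHYSOUT fields show that bridged frames already traverse the iptables FORWARD chain.

```shell
#!/bin/sh
# Constructed sample log in the format quoted in the thread
# (addresses are documentation ranges, not taken from the thread).
sample_log() {
cat <<'EOF'
Mar 10 14:46:13 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=UDP DPT=DNS(53) SPT=55685 TTL=64
Mar 10 14:46:14 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=tap0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=ICMP TTL=52
Mar 10 14:46:15 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 PROTO=TCP DPT=80 SPT=40000 TTL=64
Mar 10 14:46:16 AIF:Dropped INPUT packet: IN=br0 OUT= SRC=203.0.113.5 DST=192.0.2.2 PROTO=TCP DPT=22 SPT=51000 TTL=50
EOF
}

# Read log lines on stdin. For each dropped FORWARD packet that entered and
# left through the same bridge, print one rule per distinct
# (bridge, PHYSIN, PHYSOUT) combination, scoped to those bridge ports.
bridged_drop_rules() {
    awk '
    BEGIN { ok = "^[A-Za-z0-9_.-]+$" }   # conservative interface-name pattern
    /Dropped FORWARD packet/ {
        in_if = ""; out_if = ""; pin = ""; pout = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            if (kv[1] == "IN") in_if = kv[2]
            else if (kv[1] == "OUT") out_if = kv[2]
            else if (kv[1] == "PHYSIN") pin = kv[2]
            else if (kv[1] == "PHYSOUT") pout = kv[2]
        }
        # Skip routed traffic and anything with missing or odd interface names.
        if (in_if != out_if || in_if !~ ok || pin !~ ok || pout !~ ok) next
        key = in_if SUBSEP pin SUBSEP pout
        if (key in seen) next
        seen[key] = 1
        printf "iptables -A FORWARD -i %s -o %s -m physdev --physdev-is-bridged --physdev-in %s --physdev-out %s -j ACCEPT\n", in_if, out_if, pin, pout
    }'
}

# Print the candidate rules for the constructed sample.
sample_log | bridged_drop_rules
```

The output is a list of candidate rules to review before placing them in the custom rules file; each direction between two bridge ports gets its own rule, so one direction can be left out or narrowed further by protocol and port.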



