[Firewall] Bridging

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Mar 17 11:03:10 CET 2009


Sure, a plugin would be a great idea, but someone who can actually test 
it has to write it then. And I don't have the means atm....

a.

Mark van Dijk wrote:
>  OK - I discovered that the issue has been solved by adding:
> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
> to the custom rules.
> 
> Maybe you could put something like this in the firewall.conf configuration,
> or create a plugin for it? It would be very convenient for new users with no
> prior knowledge about AIF's internals.
> 
> Mark
>  
> ----------------original message-----------------
> From: "Arno van Amersfoort" arnova at rocky.eld.leidenuniv.nl
> To: "Arno's IPTABLES firewall script" firewall at rocky.eld.leidenuniv.nl
> Date: Wed, 11 Mar 2009 13:19:15 +0100
> -------------------------------------------------
>  
>  
>> I don't know much about bridges but I think eth0 should go into EXT_IF 
>> and br0 into TRUSTED_IF.... Although I don't really understand why the 
>> forward-in is the same as the forward-out, but again that's probably due to 
>> my limited knowledge about bridges....
>>
>> a.
>>
>> Mark van Dijk wrote:
>>> BTW here is one of the logs:
>>> Mar 10 14:46:13 AIF:Dropped FORWARD packet: IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=89.188.xxx.xx DST=83.188.xxx.xxx PROTO=UDP DPT=DNS(53) SPT=55685 TTL=64
>>>
>>> This should just work.
>>>
>>> Greetings,
>>> -Mark.
>>>
>>>
>>> On Tue, Mar 10, 2009 at 02:36:10PM CET, Mark van Dijk spoke 0.7K bytes, 
>>> saying:
>>>
>>>> Hi,
>>>>
>>>> I started using qemu. I have 8 public IP's. One of them is for the qemu 
>>>> client.
>>>>
>>>> what i did was this:
>>>>
>>>> * ifconfig eth0 promisc up
>>>> * add br0 and add eth0 to it
>>>> * give br0 public ip's minus one
>>>> * run qemu which connects to tap0
>>>> * add tap0 to br0
>>>> * give a public IP to the qemu host
>>>>
>>>>
>>>> I don't get any sort of communication when I try to ping it from the 
>>>> internet.
>>>> I have put br0 to EXT_IF and tap0 to INT_IF. Should I put eth0 anywhere? Dunno
>>>> if that's the proper procedure. How do I get this to work?
>>>>
>>>> Thanks,
>>>> -Mark.
>>>>
>>>>
>>>> _______________________________________________
>>>> Firewall mailing list
>>>> Firewall at rocky.eld.leidenuniv.nl
>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>> http://rocky.eld.leidenuniv.nl
>>>>
>>>
>> -- 
>> Arno van Amersfoort
>> E-mail : arnova at rocky.eld.leidenuniv.nl
>> Donations are welcome through Paypal!
>>
> 
> 
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
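The log line Mark quoted shows why his rule was needed: with br_netfilter active, frames switched between the bridge ports still traverse the FORWARD chain, with IN and OUT both set to br0 and the real ports in PHYSIN/PHYSOUT, so AIF's default FORWARD policy drops them. The blanket "-i br0 -o br0 -j ACCEPT" fix works, but it also means the host firewall never inspects anything going to or from the qemu guest. The script below is an added example, not AIF code or a plugin from the list; it prints the thread's fix next to a tighter variant that matches the bridge ports with iptables' physdev module. The interface names, the guest address and the exposed port are assumptions for illustration. By default it only echoes the rules; run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example for the bridging thread above; not part of AIF.
# Interface names and the guest address are assumptions for illustration.
BRIDGE=br0                            # bridge carrying the host's public IPs
EXT_IF=eth0                           # physical uplink, bridge member
TAP_IF=tap0                           # qemu's tap device, bridge member
GUEST_IP=${GUEST_IP:-203.0.113.10}    # assumed guest public IP (TEST-NET-3)

# Dry run by default: rules are printed, not applied.
# Run as root with IPT=iptables to apply them.
IPT=${IPT:-echo iptables}
ipt() { $IPT "$@"; }

# br_netfilter is what sends bridged frames through FORWARD with
# IN=OUT=$BRIDGE and the ports in PHYSIN/PHYSOUT, as in the AIF log line
# quoted above. This sysctl controls it: when it reads 0, bridged frames
# never reach iptables and none of the rules below are consulted.
bridge_nf_state() {
    # prints the current value, or "unknown" on a host without a bridge
    cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo unknown
}

# The fix quoted in the thread: accept everything switched across the
# bridge. It works, but the host firewall then never inspects traffic
# between the guest and the internet in either direction.
blanket_rules() {
    ipt -A FORWARD -i "$BRIDGE" -o "$BRIDGE" -j ACCEPT
}

# Tighter alternative: match on the bridge ports with the physdev module,
# so the guest gets the same "allow out, restrict in" policy a routed
# host behind AIF would get.
physdev_rules() {
    # guest -> internet: anything
    ipt -A FORWARD -m physdev --physdev-in "$TAP_IF" --physdev-out "$EXT_IF" -j ACCEPT
    # internet -> guest: replies to guest-initiated connections
    ipt -A FORWARD -m physdev --physdev-in "$EXT_IF" --physdev-out "$TAP_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # internet -> guest: only the services you mean to expose (ssh here, assumed)
    ipt -A FORWARD -m physdev --physdev-in "$EXT_IF" --physdev-out "$TAP_IF" \
        -d "$GUEST_IP" -p tcp --dport 22 -j ACCEPT
    # everything else switched across the bridge is dropped, which is
    # where AIF's default policy would have dropped it anyway
    ipt -A FORWARD -i "$BRIDGE" -o "$BRIDGE" -j DROP
}

physdev_rules
```

The physdev set has to sit before AIF's own FORWARD drop rule, so it belongs in the custom rules file Mark used rather than at the end of the chain. Check bridge_nf_state first: if it prints 0 the bridge is not filtered at all and the rules are dead code, which is the other way people "fix" this problem without noticing the guest is then exposed.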
