Common Questions


Q:

My bridge-mode iptables rules, such as the following, don't work:

 $IPTABLES -A INPUT... 

A:

Bridged traffic goes through the FORWARD chain, not INPUT: as you are bridging traffic, nothing is destined to the firewall itself. The right way to write the above rule is

 $IPTABLES -A FORWARD... 

Q:

On a 2.6 kernel, how are the bridged interfaces different?

A:

With 2.6, both the inbound and the outbound network interface are the bridge interface, br0 for example. This means that when you are creating physdev rules, for connection tracking rules for example, you use the br0 interface rather than the real interface, for example:

 # This configuration assumes that two interfaces, eth0 (external) and eth1 (internal),
 # have been bound into one common bridging interface, br0.
 # Traffic inbound, hitting the eth0 device, will be matched against this rule.
 $IPTABLES -A FORWARD -i br0 -m physdev --physdev-in eth0 -m state \
         --state ESTABLISHED,RELATED -j ACCEPT
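The two answers above combine into a small transparent-bridge rule set. This is an added example, not code from the book: it assumes the same eth0/eth1/br0 layout, invents a DRY_RUN switch so the commands are printed rather than executed, and assumes TCP port 80 as the one service published inward.

```shell
#!/bin/sh
# Transparent bridging firewall: eth0 (external) and eth1 (internal) bound into br0.
# Bridged frames are filtered in FORWARD; netfilter sees br0 as the interface, so the
# physical port is selected with -m physdev. DRY_RUN=1 (the default) prints the commands
# instead of executing them, so the rule set can be reviewed without root.
IPTABLES=${IPTABLES:-iptables}
BRIDGE=${BRIDGE:-br0}
EXT=${EXT:-eth0}
INT=${INT:-eth1}

# run: execute the iptables command, or just print it in dry-run mode.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

bridge_rules() {
    # Default-deny the FORWARD chain; INPUT/OUTPUT only see traffic to and from the
    # firewall host itself, never the bridged frames.
    run -F FORWARD
    run -P FORWARD DROP
    # Replies to tracked connections arriving on the external port (the rule from the text).
    run -A FORWARD -i "$BRIDGE" -m physdev --physdev-in "$EXT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything from the internal port may go out through the external port.
    run -A FORWARD -i "$BRIDGE" -m physdev --physdev-in "$INT" --physdev-out "$EXT" \
        -j ACCEPT
    # New inbound connections only to one published service (assumed: TCP port 80).
    run -A FORWARD -i "$BRIDGE" -m physdev --physdev-in "$EXT" --physdev-out "$INT" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Log, then drop, everything else so that misplaced rules show up in the kernel log.
    run -A FORWARD -j LOG --log-prefix "BRIDGE-DROP:"
    run -A FORWARD -j DROP
}

# misplaced_rules: number of generated rules that target INPUT, which bridged traffic
# never reaches; expected to be 0 for this rule set.
misplaced_rules() {
    bridge_rules | grep -c -- "-A INPUT" || true
}

bridge_rules
```

Run with DRY_RUN=0 as root to load the rules; the default dry run only prints them.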



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    Year: 2004
    Pages: 169
