I forgot to mention this line:
$EBTABLES -t broute -A BROUTING -d 01:00:00:00:00:00/01:00:00:00:00:00 -j
ACCEPT
without this line (should be for multicast), I see nothing while doing
tcpdump -n -i br0. Even my lan network works for over 20 min now... I guess
the problem is that line. It's letting all that stuff to go through br0.
anyway after setting up bridge, macs are like this:
br0 00:40:05:A7:2F:97
eth0 00:40:05:A7:2F:97
eth1 00:50:BF:79:56:BE
"Llanzlan Klazmon" <(E-Mail Removed)> wrote in message
news:Xns96BC9E685610EKlazmonllurdiaxorbgo@203.97.3 7.6...
> "Damir Galič" <(E-Mail Removed)> wrote in news:l7QOe.1687$cE1.240321
> @news.siol.net:
>
>> hey, I am using ebtables in combination with brctl.
>> it's like this:
>>
>> ifconfig eth0 192.168.1.100
>> ifconfig eth1 192.168.0.1
>> brctl addbr br0
>> brctl stp br0 off
>> brctl addif br0 eth0
>> brctl addif br0 eth1
>> ifconfig br0 0.0.0.0 up
>> ebtables -t broute -P BROUTING DROP
>> iptables -A INPUT -i br0 -j ACCEPT
>> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>>
>> now this should work as if there was no bridge. right?
>> now why is tcpdump dropping all that data, when I am dropping everything
>> with ebtables?
>
> IIRC tcpdump sees the packets before any filtering occurs. i.e it's hook
> is
> at a lower level than the filters. If the ethernet switch port is set to
> monitor mode then your PC and tcpdump will see everything passing through
> the
> switch.
>
>>
>> I am getting all this data with:
>> tcpdump -i br0 -n
>>
>> 03:05:34.806888 0.00:50:8d:53:81:38.455 > 0.ff:ff:ff:ff:ff:ff.455:
>> ipx-netbios 50
>> 03:06:21.951811 192.168.0.11.137 > 192.168.0.255.137: NBT UDP
>> PACKET(137):
>> QUERY; REQUEST; BROADCAST
>> 03:06:21.951985 arp who-has 192.168.0.11 tell 192.168.0.12
>> 03:06:36.996925 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
>> 03:06:41.606817 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10
>> (DF) [ttl 1]
>> 03:06:42.749076 192.168.0.11 > 239.255.255.250: igmp v2 report
>> 239.255.255.250 [ttl 1]
>> 03:08:42.016393 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
>> 03:08:46.352990 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10
>> (DF) [ttl 1]
>> 03:08:46.453257 192.168.0.12.138 > 192.168.0.255.138: NBT UDP PACKET(138)
>> 03:08:49.016695 192.168.0.12 > 239.255.255.250: igmp v2 report
>> 239.255.255.250 [ttl 1]
>> 03:09:31.128966 arp who-has 192.168.0.1 tell 192.168.0.11
>> 03:09:31.129068 arp reply 192.168.0.1 is-at 0:40:5:a7:2f:97
>> 03:09:49.893388 192.168.0.11.137 > 192.168.0.255.137: NBT UDP
>> PACKET(137):
>> QUERY; REQUEST; BROADCAST
>>
>> now the problem is, bridge fails every time when I see 03:09:31.129068
>> arp
>> reply 192.168.0.1 is-at 0:40:5:a7:2f:97
>> Network is not responding for couple of seconds, then it starts working
>> normally again.
>> I am kinda a beginner here at this, so what could be a problem?
>
> I don't really know but: Does MAC address 0:40:5:a7:2f:97 actually
> correspond
> to the NIC in your PC? An ifconfig will show the MAC address as HWaddr.
>
> Klazmon.
>
>
>>
>> thanks
>>
>>
>>
>
|
Similar Threads
Linear Mode
