maxx^hjb n00b
Joined: 19 Oct 2002 Posts: 8
Posted: Sat Oct 19, 2002 12:27 am Post subject: Bridging Firewall and iptables
Hi!
I want to set up a bridging (transparent) firewall with Gentoo. That means a machine with 2 NICs and bridging/iptables support built into the kernel. Setup went well and the bridge starts up fine... no problem so far.
But when I try to filter packets with iptables nothing gets filtered, no matter what I do... it seems that the bridge does not deliver anything to iptables.
Any suggestions welcome!
mAXx

maxx^hjb n00b
Joined: 19 Oct 2002 Posts: 8
Posted: Sat Oct 19, 2002 1:02 pm Post subject:
OK... talking to myself... and maybe helpful for someone else...
Got it working now! I started from scratch and compiled the latest bridge-utils from bridge.sourceforge.net (not the ones in the portage tree) and applied a kernel patch (also available at sourceforge... be sure to grab the bridge-nf-0.0.8 from the experimental dir, not the 0.0.7 from the downloads page) to make the bridge work with netfilter (iptables).
Happy...
mAXx

acidreign Tux's lil' helper
Joined: 21 Apr 2002 Posts: 122 Location: Brisbane, Australia
Posted: Thu Oct 31, 2002 9:54 pm Post subject: About to try the same task.
G'day,
Just about to try the same task. As far as I can tell, you should filter this on the FORWARD chain, although that is untested on my part.
I did try bridging with gentoo-2.4.18, and then patched the kernel, but it came with its own kernel panic whenever you tried to ifconfig bridge up.
Unhappy days,
I'll try this dance again now with 1.4.. (downloading now) and hopefully I'll have some joy in a few hours; I'll post back with a reply.
I've read that you may also need to recompile iptables... give that a go.

ronmon Veteran
Joined: 15 Apr 2002 Posts: 1043 Location: Key West, FL
Posted: Sat Nov 02, 2002 4:32 pm Post subject:
I have a slightly different setup that is working very well. My firewall/router box has eth0 on DSL and eth1 plus wlan0 bridged to br0 as my home LAN. It's just so that I have only one subnet for both wired and wireless to simplify things a bit. I built a Gentoo 1.2 (2.4.19-gentoo-r9 kernel) for it with Shorewall doing firewall and routing.
Configuring Shorewall was pretty straightforward, using br0 as my internal interface instead of ethx. Getting things to start in the proper order was a little trickier since the bridge needs to be up before iptables starts looking for it.
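
The three failure points raised in this thread (bridged frames never reaching iptables, an unfiltered FORWARD chain, and rules loading before the bridge exists) can be checked with a short script. This is an added example, not code from any poster; it assumes a current Linux kernel, where the hand-off to iptables is controlled by the `net.bridge.bridge-nf-call-iptables` sysctl rather than the 2002-era patch, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for a bridging firewall. Root paths are
# parameters so the checks run against fixtures as well as a live system.

# bridge_nf_state [PROC_SYS_ROOT]
# Prints enabled, disabled or missing for the bridge -> iptables hand-off.
bridge_nf_state() {
    knob="${1:-/proc/sys}/net/bridge/bridge-nf-call-iptables"
    if [ ! -r "$knob" ]; then
        echo missing      # bridge netfilter support absent or not loaded
    elif [ "$(cat "$knob")" = "1" ]; then
        echo enabled
    else
        echo disabled     # frames are bridged without touching iptables
    fi
}

# forward_filtering RULES_FILE
# RULES_FILE holds `iptables-save -t filter` output. Prints "filtering" when
# FORWARD has a non-ACCEPT policy or at least one rule, otherwise "open".
forward_filtering() {
    awk '
        /^:FORWARD /   { if ($2 != "ACCEPT") found = 1 }
        /^-A FORWARD / { found = 1 }
        END            { print (found ? "filtering" : "open") }
    ' "$1"
}

# bridge_exists BRIDGE [SYS_ROOT]
# Succeeds only when the bridge device has been created, so an init script
# can refuse to load rules naming br0 before the bridge is there.
bridge_exists() {
    [ -d "${2:-/sys}/class/net/$1/bridge" ]
}

# check_bridge_firewall BRIDGE RULES_FILE [PROC_SYS_ROOT] [SYS_ROOT]
check_bridge_firewall() {
    bridge_exists "$1" "${4:-/sys}" ||
        { echo "FAIL: bridge $1 does not exist yet"; return 1; }
    [ "$(bridge_nf_state "${3:-/proc/sys}")" = enabled ] ||
        { echo "FAIL: bridged frames bypass iptables"; return 1; }
    [ "$(forward_filtering "$2")" = filtering ] ||
        { echo "FAIL: FORWARD chain is wide open"; return 1; }
    echo "OK: traffic crossing $1 is filtered on FORWARD"
}
```

On a live box, dump the rules with `iptables-save -t filter > /tmp/rules` and run `check_bridge_firewall br0 /tmp/rules` from the firewall's start script before loading anything else.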