Bridging Firewall and iptables

[maxx^hjb]

Hi!

I want to set up a bridging (transparent) Firewall with GenToo. That meens a machine with 2 NICs and bridging/iptables support build into the kernel. Setup went well and the bridge starts up fine... no problem so far.

But when I try to filter packets with iptables nothing gets filtered, no matter what I do... it seems that the bridge does not deliver anything to iptables

Any suggestions welcome!

mAXx

[maxx^hjb]

OK... talking to myself... and maybe helpful for someone else...

Got it working now! I started from scratch and compiled latest bridge-utils from bridge.sourceforge.net (not the ones in the portage tree) and applied a Kernel-Patch (also avail. @ sourceforge... be sure to grab the bridge-nf-0.0.8 from experimental dir, not the 0.0.7 from the downloads page) to make the Bridge working with netfilter (iptables).

Happy...

mAXx

[acidreign]

Gday,

Just about to try the same task, as far as I can tell, should filter this on the FORWARD chain, although, untested on my behalf.

I did try Bridging with gentoo-2.4.18, and then patched the kernel, but it came with its own kernel panic whenever you tried to ifconfig bridge up.

Unhappy days,

I try this dance again now with 1.4.. (downloading now) and hopefully i'll have some joy by a few hours, i'll post back with a reply.


Ive read that you may also need to recompile iptables... give that a go.

[ronmon]

I have a slightly different setup that is working very well. My firewall/router box has eth0 on DSL and eth1 plus wlan0 bridged to br0 as my home LAN. It's just so that I have only one subnet for both wired and wireless to simplify things a bit. I built a Gentoo 1.2 (2.4.19-gentoo-r9 kernel) for it with Shorewall doing firewall and routing.

Configuring Shorewall was pretty straightforward, using br0 as my internal interface instead of ethx. Getting things to start in the proper order was a little trickier since the bridge needs to be up before iptables starts looking for it.