LinuxQuestions.org
04-26-2012, 08:13 PM   #1
arozar
LQ Newbie
 
Registered: Jul 2009
Posts: 4

Rep: Reputation: 0
Ethernet Bridge on RedHat not passing traffic


I've set up a bridge with eth1 and eth2, using the br0 interface. When I run tcpdump on the bridge interface I see packets from both interfaces, but they are not passing. I get the same results with iptables on and off. I believe my iptables are correct; below is some output as far as my config.


[root@ips ~]# tcpdump -i br0
tcpdump: WARNING: br0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes

21:06:16.775169 ARP, Request who-has adsvr01.h1tb.com tell vc.h1tb.com, length 46
21:06:16.775537 ARP, Request who-has vc.h1tb.com tell adsvr01.h1tb.com, length 46
21:06:24.877900 IP adsvr01.h1tb.com.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
21:06:33.865442 IP adsvr01.h1tb.com.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
21:06:36.143829 ARP, Request who-has adsvr01.h1tb.com tell win2k3_x32.h1tb.com, length 46
21:06:40.130752 ARP, Request who-has adsvr01.h1tb.com tell win2k3_x32.h1tb.com, length 46
21:06:42.084565 ARP, Request who-has adsvr01.h1tb.com tell win2k3_x32.h1tb.com, length 46
21:06:44.083409 ARP, Request who-has adsvr01.h1tb.com tell win2k3_x32.h1tb.com, length 46
21:06:44.167751 ARP, Request who-has 172.31.253.1 tell win2k3_x32.h1tb.com, length 46
21:06:48.130647 IP win2k3_x32.h1tb.com.netbios-ns > 172.31.253.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:06:48.880776 IP win2k3_x32.h1tb.com.netbios-ns > 172.31.253.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:06:49.396226 ARP, Request who-has 172.31.253.1 tell win2k3_x32.h1tb.com, length 46
21:06:49.630694 IP win2k3_x32.h1tb.com.netbios-ns > 172.31.253.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:06:50.084116 ARP, Request who-has adsvr01.h1tb.com tell win2k3_x32.h1tb.com, length 46
21:06:50.873408 IP adsvr01.h1tb.com.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300


[root@ips ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.005056a9000b       yes             eth1
                                                        eth2

DEVICE="br0"
TYPE=Bridge
STP=on
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no

DEVICE="eth1"
ONBOOT=yes
BRIDGE=br0
TYPE=Ethernet
BOOTPROTO=none

DEVICE="eth2"
ONBOOT=yes
BRIDGE=br0
TYPE=Ethernet
BOOTPROTO=none


[root@ips ~]# sysctl -a | grep bridge

net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0


[root@ips ~]# iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2172  164K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    1    60 ACCEPT     icmp --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
   35  6765 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    any     anywhere             anywhere
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited
 
04-26-2012, 08:51 PM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 7.1
Posts: 735

Rep: Reputation: 154
If you need a simple firewall to copy and paste, “vi /root/firewall”

Quote:
#!/bin/sh

# iptables script generated 2011-01-23
# http://www.mista.nu/iptables

IPT="/sbin/iptables"

# Extra stuff
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP

# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport XXX22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT

# Accept inbound ICMP messages
$IPT -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
# $IPT -A INPUT -p ICMP --icmp-type 11 -s 0.0.0.0/0 -j ACCEPT

Add a line to “/etc/rc.local” (above the last line) for your firewall script. For example, “/root/firewall”.

Last edited by ericson007; 04-26-2012 at 09:00 PM.
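
What the posted values imply, as an added example that is not part of either post: with net.bridge.bridge-nf-call-iptables = 0 the kernel does not hand bridged IPv4 frames to iptables, and with it set to 1 a FORWARD policy of DROP without an ACCEPT rule for br0 would block them. The SYSCTL_HOOKED and RULES_ALLOW inputs and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Simplified model: only the FORWARD
# policy and explicit "-i br0 ... -j ACCEPT" rules are considered.
# Copied from the first post's `sysctl -a | grep bridge` output.
SYSCTL_POSTED='net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0'
# Constructed variant: same host with the bridge netfilter hook enabled.
SYSCTL_HOOKED='net.bridge.bridge-nf-call-iptables = 1'
# Policy lines copied from the script in the second post.
RULES_POSTED='$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT'
# Constructed variant: same policies plus an explicit allow for the bridge.
RULES_ALLOW="$RULES_POSTED
\$IPT -A FORWARD -i br0 -j ACCEPT"

# Value of net.bridge.bridge-nf-call-iptables, or "absent" if the key is missing.
nf_call_iptables() {
    printf '%s\n' "$1" | awk -F' *= *' '
        $1 == "net.bridge.bridge-nf-call-iptables" { v = $2 }
        END { print (v == "" ? "absent" : v) }'
}

# Target set by "-P FORWARD <target>"; ACCEPT (the built-in default) if unset.
forward_policy() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF - 1; i++)
              if ($i == "-P" && $(i + 1) == "FORWARD") p = $(i + 2) }
        END { print (p == "" ? "ACCEPT" : p) }'
}

# Number of FORWARD rules that accept traffic arriving on br0.
forward_allows_bridge() {
    printf '%s\n' "$1" | grep -c -e '-A FORWARD .*-i br0 .*-j ACCEPT' || true
}

# verdict SYSCTL_TEXT RULES_TEXT -> bypass | pass | blocked (bridged IPv4 only)
verdict() {
    if [ "$(nf_call_iptables "$1")" != 1 ]; then
        echo bypass        # hook off or absent: iptables never sees the frame
    elif [ "$(forward_allows_bridge "$2")" -gt 0 ] ||
         [ "$(forward_policy "$2")" = ACCEPT ]; then
        echo pass
    else
        echo blocked
    fi
}
echo "posted sysctl values, posted script: $(verdict "$SYSCTL_POSTED" "$RULES_POSTED")"
```

A "bypass" result means the iptables ruleset is not a factor for bridged IPv4 frames either way; ARP and other non-IP frames are outside this check.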
 
  


All times are GMT -5. The time now is 11:19 AM.