Hi all,
Original problem:
I am running on Fedora 17 with the latest ebtables and have been trying to set up a transparent bridge. Using the following script, I send a ping through the bridged host and only see the requests, BUT ARPs and ARP replies are making it through.
My host is set up as: Client 192.168.1.10 <-- eth0 <Bridgehost br0> --> eth2 192.168.1.20
Here is the edited script
Code:
#!/bin/bash
# Ebtables transparent firewall script
INF0="eth0"
INF1="eth2"
ifconfig $INF0 down
ifconfig $INF1 down
ifconfig $INF0 0.0.0.0 up
ifconfig $INF1 0.0.0.0 up
/usr/sbin/brctl addbr br0
/usr/sbin/brctl stp br0 off
/usr/sbin/brctl addif br0 $INF0
/usr/sbin/brctl addif br0 $INF1
/usr/sbin/brctl setfd br0 5
ifconfig br0 0.0.0.0 up
# Make sure forwarding is on
echo "1" > /proc/sys/net/ipv4/ip_forward
# DEFAULT POLICY
ebtables -P INPUT ACCEPT
ebtables -P OUTPUT ACCEPT
ebtables -P FORWARD ACCEPT
# FLUSH TABLES
ebtables -F FORWARD
ebtables -F INPUT
ebtables -F OUTPUT
# Forward Arp and IPv4 Traffic
ebtables -A FORWARD -p ip -j ACCEPT
ebtables -A FORWARD -p arp -j ACCEPT
# Just to make sure
iptables -I FORWARD -j ACCEPT
Then verify in /etc/sysctl.conf that these are set to 0:
Code:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Verify that NetworkManager is off:
Code:
sudo chkconfig NetworkManager off
Finally, verify that your interfaces are up and running. Make sure you have management interfaces unplugged for testing; some weird routing issues can happen and you won't be able to isolate the issue with the bridge.
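As an added example (not the original poster's script), here is a pre-flight check for the setup described above. It verifies the three bridge-nf sysctls both in a sysctl.conf-style file and, when the bridge module is loaded, in the live /proc values, and checks that both ports are enslaved to the bridge. A key that is absent from the file counts as a failure, because the kernel default is 1, which hands bridged frames to iptables and produces exactly the "requests pass, replies vanish" symptom. The bridge and port names br0, eth0 and eth2 are taken from the post; the file path defaults to /etc/sysctl.conf and the script name bridge_check.sh is an assumption.

```shell
#!/bin/sh
# Pre-flight check for a transparent ebtables bridge (added example, not the
# original poster's script). POSIX sh; run as root for the live checks.

# The three sysctls the post says must be 0.
BRIDGE_NF_KEYS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-arptables"

# value_from_conf FILE KEY -> prints the configured value, or nothing if absent.
# Tolerates spaces/tabs around '=' and ignores commented-out lines; the last
# matching line wins, as it does for sysctl itself.
value_from_conf() {
    file="$1"; key="$2"
    grep -E "^[[:space:]]*${key}[[:space:]]*=" "$file" 2>/dev/null \
        | tail -n 1 | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//'
}

# check_conf FILE -> 0 if every key is present and set to 0, 1 otherwise.
# Prints one line per offending key. A missing key is reported as a failure
# because the kernel default (1) is the setting that breaks the bridge.
check_conf() {
    file="$1"; rc=0
    for key in $BRIDGE_NF_KEYS; do
        val=$(value_from_conf "$file" "$key")
        if [ -z "$val" ]; then
            echo "MISSING $key (kernel default is 1)"; rc=1
        elif [ "$val" != "0" ]; then
            echo "WRONG   $key = $val (expected 0)"; rc=1
        fi
    done
    return $rc
}

# check_live -> same check against the running kernel. Skipped (returns 0)
# when /proc/sys/net/bridge is absent because the bridge module is not loaded.
check_live() {
    rc=0
    [ -d /proc/sys/net/bridge ] || { echo "bridge module not loaded; skipping live check"; return 0; }
    for key in $BRIDGE_NF_KEYS; do
        path="/proc/sys/$(printf '%s' "$key" | tr . /)"
        val=$(cat "$path" 2>/dev/null)
        if [ "$val" != "0" ]; then
            echo "LIVE    $key = ${val:-unreadable} (expected 0)"; rc=1
        fi
    done
    return $rc
}

# check_bridge_members BRIDGE IF1 IF2 -> 0 if both ports are enslaved to BRIDGE
# (the kernel exposes each port as /sys/class/net/BRIDGE/brif/PORT).
check_bridge_members() {
    br="$1"; rc=0
    for ifc in "$2" "$3"; do
        [ -e "/sys/class/net/$br/brif/$ifc" ] || { echo "PORT    $ifc is not a member of $br"; rc=1; }
    done
    return $rc
}

# main [SYSCTL_CONF] -> runs all three checks and prints OK only if all pass.
main() {
    check_conf "${1:-/etc/sysctl.conf}"; c=$?
    check_live; l=$?
    check_bridge_members br0 eth0 eth2; b=$?
    [ $((c + l + b)) -eq 0 ] && echo "OK: bridge-nf is off and br0 has both ports"
}

# Only run the checks when executed under the assumed name bridge_check.sh,
# so the file can also be sourced for its functions.
case "${0##*/}" in bridge_check.sh) main "$@" ;; esac
```

Save it as bridge_check.sh and run it after the bridge script; an empty /proc/sys/net/bridge directory or a "MISSING" line is the first thing to look at when replies are not forwarded.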