This is a discussion on brctl & ebtables problems within the Linux Networking forums, part of the Linux Forums category.
hey, I am using ebtables in combination with brctl.
it's like this:

ifconfig eth0 192.168.1.100
ifconfig eth1 192.168.0.1
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 0.0.0.0 up
ebtables -t broute -P BROUTING DROP
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -o br0 -j ACCEPT

now this should work as if there was no bridge. right?
now why is tcpdump dropping all that data, when I am dropping everything with ebtables?

I am getting all this data with:
tcpdump -i br0 -n

03:05:34.806888 0.00:50:8d:53:81:38.455 > 0.ff:ff:ff:ff:ff:ff.455: ipx-netbios 50
03:06:21.951811 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
03:06:21.951985 arp who-has 192.168.0.11 tell 192.168.0.12
03:06:36.996925 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
03:06:41.606817 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
03:06:42.749076 192.168.0.11 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
03:08:42.016393 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
03:08:46.352990 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
03:08:46.453257 192.168.0.12.138 > 192.168.0.255.138: NBT UDP PACKET(138)
03:08:49.016695 192.168.0.12 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
03:09:31.128966 arp who-has 192.168.0.1 tell 192.168.0.11
03:09:31.129068 arp reply 192.168.0.1 is-at 0:40:5:a7:2f:97
03:09:49.893388 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

now the problem is, bridge fails every time when I see 03:09:31.129068 arp reply 192.168.0.1 is-at 0:40:5:a7:2f:97
Network is not responding for couple of seconds, then it starts working normally again.
I am kinda a beginner here at this, so what could be a problem?

thanks

"Damir Galič" <damirg@email.si> wrote in news:l7QOe.1687$cE1.240321@news.siol.net:

> hey, I am using ebtables in combination with brctl.
> it's like this:
>
> ifconfig eth0 192.168.1.100
> ifconfig eth1 192.168.0.1
> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig br0 0.0.0.0 up
> ebtables -t broute -P BROUTING DROP
> iptables -A INPUT -i br0 -j ACCEPT
> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>
> now this should work as if there was no bridge. right?
> now why is tcpdump dropping all that data, when I am dropping everything
> with ebtables?

IIRC tcpdump sees the packets before any filtering occurs. i.e. its hook is at a lower level than the filters. If the ethernet switch port is set to monitor mode then your PC and tcpdump will see everything passing through the switch.

> I am getting all this data with:
> tcpdump -i br0 -n
>
> 03:05:34.806888 0.00:50:8d:53:81:38.455 > 0.ff:ff:ff:ff:ff:ff.455: ipx-netbios 50
> 03:06:21.951811 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> 03:06:21.951985 arp who-has 192.168.0.11 tell 192.168.0.12
> 03:06:36.996925 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
> 03:06:41.606817 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
> 03:06:42.749076 192.168.0.11 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
> 03:08:42.016393 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
> 03:08:46.352990 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
> 03:08:46.453257 192.168.0.12.138 > 192.168.0.255.138: NBT UDP PACKET(138)
> 03:08:49.016695 192.168.0.12 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
> 03:09:31.128966 arp who-has 192.168.0.1 tell 192.168.0.11
> 03:09:31.129068 arp reply 192.168.0.1 is-at 0:40:5:a7:2f:97
> 03:09:49.893388 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>
> now the problem is, bridge fails every time when I see 03:09:31.129068 arp
> reply 192.168.0.1 is-at 0:40:5:a7:2f:97
> Network is not responding for couple of seconds, then it starts working
> normally again.
> I am kinda a beginner here at this, so what could be a problem?

I don't really know but: Does MAC address 0:40:5:a7:2f:97 actually correspond to the NIC in your PC? An ifconfig will show the MAC address as HWaddr.

Klazmon.

> thanks

I forgot to mention this line:

$EBTABLES -t broute -A BROUTING -d 01:00:00:00:00:00/01:00:00:00:00:00 -j ACCEPT

without this line (should be for multicast), I see nothing while doing tcpdump -n -i br0. Even my lan network works for over 20 min now... I guess the problem is that line. It's letting all that stuff to go through br0.

anyway after setting up bridge, macs are like this:
br0 00:40:05:A7:2F:97
eth0 00:40:05:A7:2F:97
eth1 00:50:BF:79:56:BE

"Llanzlan Klazmon" <Klazmon@llurdiaxorb.govt> wrote in message news:Xns96BC9E685610EKlazmonllurdiaxorbgo@203.97.37.6...
> "Damir Galič" <damirg@email.si> wrote in news:l7QOe.1687$cE1.240321@news.siol.net:
>
>> hey, I am using ebtables in combination with brctl.
>> it's like this:
>>
>> ifconfig eth0 192.168.1.100
>> ifconfig eth1 192.168.0.1
>> brctl addbr br0
>> brctl stp br0 off
>> brctl addif br0 eth0
>> brctl addif br0 eth1
>> ifconfig br0 0.0.0.0 up
>> ebtables -t broute -P BROUTING DROP
>> iptables -A INPUT -i br0 -j ACCEPT
>> iptables -A FORWARD -i br0 -o br0 -j ACCEPT
>>
>> now this should work as if there was no bridge. right?
>> now why is tcpdump dropping all that data, when I am dropping everything
>> with ebtables?
>
> IIRC tcpdump sees the packets before any filtering occurs. i.e. its hook is
> at a lower level than the filters. If the ethernet switch port is set to
> monitor mode then your PC and tcpdump will see everything passing through
> the switch.
>
>> I am getting all this data with:
>> tcpdump -i br0 -n
>>
>> 03:05:34.806888 0.00:50:8d:53:81:38.455 > 0.ff:ff:ff:ff:ff:ff.455: ipx-netbios 50
>> 03:06:21.951811 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>> 03:06:21.951985 arp who-has 192.168.0.11 tell 192.168.0.12
>> 03:06:36.996925 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
>> 03:06:41.606817 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
>> 03:06:42.749076 192.168.0.11 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
>> 03:08:42.016393 10.38.0.1 > 224.0.0.1: igmp query v2 [tos 0xc0] [ttl 1]
>> 03:08:46.352990 10.38.17.104 > 225.10.10.10: igmp v2 report 225.10.10.10 (DF) [ttl 1]
>> 03:08:46.453257 192.168.0.12.138 > 192.168.0.255.138: NBT UDP PACKET(138)
>> 03:08:49.016695 192.168.0.12 > 239.255.255.250: igmp v2 report 239.255.255.250 [ttl 1]
>> 03:09:31.128966 arp who-has 192.168.0.1 tell 192.168.0.11
>> 03:09:31.129068 arp reply 192.168.0.1 is-at 0:40:5:a7:2f:97
>> 03:09:49.893388 192.168.0.11.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
>>
>> now the problem is, bridge fails every time when I see 03:09:31.129068 arp
>> reply 192.168.0.1 is-at 0:40:5:a7:2f:97
>> Network is not responding for couple of seconds, then it starts working
>> normally again.
>> I am kinda a beginner here at this, so what could be a problem?
>
> I don't really know but: Does MAC address 0:40:5:a7:2f:97 actually
> correspond to the NIC in your PC? An ifconfig will show the MAC address as
> HWaddr.
>
> Klazmon.
>
>> thanks
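
The effect of the two BROUTING rules from this thread, as an added example that is not code from any of the posters: in the ebtables broute table, ACCEPT means the frame is bridged and DROP means it is handed to the routing code instead, and the `01:00:00:00:00:00/01:00:00:00:00:00` match covers every destination with the group bit set, broadcast included. The function names are illustrative and the destination MACs are constructed from the traffic types in the capture.

```python
# Added illustration: models only the two BROUTING rules quoted in the thread.

def mac_to_int(mac):
    """Parse 'aa:bb:cc:dd:ee:ff'; tcpdump's short form '0:40:5:...' works too."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    value = 0
    for part in parts:
        octet = int(part, 16)
        if not 0 <= octet <= 0xFF:
            raise ValueError(f"bad octet in {mac!r}")
        value = (value << 8) | octet
    return value

def matches(dst, spec):
    """ebtables-style 'address[/mask]' comparison on a destination MAC."""
    addr, _, mask = spec.partition("/")
    m = mac_to_int(mask) if mask else (1 << 48) - 1
    return (mac_to_int(dst) & m) == (mac_to_int(addr) & m)

def brouting_verdict(dst, rules, policy="DROP"):
    """First matching rule wins, else the chain policy.
    broute-table meaning: ACCEPT = bridge the frame, DROP = route it."""
    for spec, target in rules:
        if matches(dst, spec):
            return "bridge" if target == "ACCEPT" else "route"
    return "bridge" if policy == "ACCEPT" else "route"

def classify(frames, rules):
    return {name: brouting_verdict(dst, rules) for name, dst in frames}

# The rule from the last post: accept anything with the group bit set.
GROUP_BIT_RULE = [("01:00:00:00:00:00/01:00:00:00:00:00", "ACCEPT")]

# Constructed destination MACs for the kinds of traffic seen in the capture.
FRAMES = [
    ("arp who-has (broadcast)", "ff:ff:ff:ff:ff:ff"),
    ("igmp query to 224.0.0.1", "01:00:5e:00:00:01"),
    ("igmp report to 239.255.255.250", "01:00:5e:7f:ff:fa"),
    ("unicast to br0/eth0 MAC", "0:40:5:a7:2f:97"),
    ("unicast to eth1 MAC", "00:50:BF:79:56:BE"),
]

if __name__ == "__main__":
    for label, rules in (("policy DROP only", []),
                         ("with group-bit ACCEPT", GROUP_BIT_RULE)):
        print(label)
        for name, verdict in classify(FRAMES, rules).items():
            print(f"  {name:32s} -> {verdict}")
```

With the policy alone every frame is routed; with the extra rule only broadcast and multicast destinations are bridged, while unicast frames to either NIC are still routed.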