> > > Hi,
> > >
> > > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN
> > > tagged packets larger than 1470 bytes are not
> > > forwarded at all by a bridge.
> > > I think there is a bad interaction between bridge and
> > > netfilter codes. Any chance to have a patch to solve
> > > this problem that limits the possibility to use the
> > > Linux bridges in an environment with VLANs?
> >
> > With the following command it works:
> >
> > echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
> >
> > but this disables the iptables support that is
> > important for obtaining complex bridge-firewall
> > scenarios.
> > Regards
> > Fulvio Ricciardi
>
> Your iptables need to know about VLANs as well.
> I bet your default action is to DROP.
>

No, the default policy is ACCEPT for the FORWARD chain.
In any case the problem takes place only with large packets.
For example if I try
ping -s 1472 192.168.99.74
it works, but
ping -s 1473 192.168.99.74
does not.
I am sure that the network cards are VLAN 802.1q aware because
only the forwarding process is broken. If instead I just ping the IP of
the bridge interface it works fine.

Regards
Fulvio

--------------------------------------------------------------------
Fulvio Ricciardi
web: http://www.zeroshell.net/eng/
skype: zeroshellnet
Phone: +3908321835630

_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge