On Sat, Jun 28, 2008 at 2:50 PM, Fulvio Ricciardi <fulvio.ricciardi@xxxxxxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN
> > > tagged packets larger than 1470 bytes are not
> > > forwarded at all by a bridge.
> > > I think there is a bad interaction between bridge and
> > > netfilter codes. Any chance to have a patch to solve
> > > this problem that limits the possibility to use the
> > > Linux bridges in an environment with VLANs?
> >
> > With the following command it works:
> >
> > echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
> >
> > but this disables the iptables support that is
> > important for obtaining complex bridge-firewall
> > scenarios.
> > Regards
> > Fulvio Ricciardi
>
> Your iptables need to know about VLANs as well.
> I bet your default action is to DROP.
>
No, the default policy is ACCEPT for the FORWARD chain. In
any case the problem takes place only with large packets.
For example if I try
ping -s 1472 192.168.99.74
it works, but
ping -s 1473 192.168.99.74
it does not.
I am sure that the network cards are VLAN 802.1q aware
because only the forwarding process is broken. If instead I
just ping the IP of the bridge interface it works fine.
Are the other nodes directly connected to the netfilter bridge, or are there ethernet switches involved? Are these switches managed, smart, or dumb? Are jumbo frames enabled on all devices in the path?
Regards
Fulvio
--------------------------------------------------------------------
Fulvio Ricciardi
web: http://www.zeroshell.net/eng/
skype: zeroshellnet
Phone: +3908321835630