Hello,

Philip A. Prindeville wrote:

> I have a DSL card (a Traverse Technologies Solos ATM/DSL card) that
> exposes a PPPoE adaptation layer as an ethernet interface (nas0).

I guess you mean ethernet/LLC AAL5 instead of PPPoE.

> I've set up bridging (br0=eth0+nas0). And I'm using an iptables based firewall
> (Arno's iptables firewall 1.9.2c).
>
> I'm running PPP over br0. (Why did I do this? So I could stick a
> packet sniffer on eth0 and get traces of everything going out over the
> DSL...)

Prepare to be disappointed. A bridge port does not see traffic that flows between other ports.

> Problem is, I can't tell if I need to set my external (ingress) interface to br0,
> or to ppp0... because the logs show both (IN=br0 and IN=ppp0) -- even for the same
> packet! Not sure why.
>
> Any suggestions (besides "don't use bridging!!!")?
>
> Is this an artifact of PPP and pseudo-interfaces, or of bridging, or both?

I didn't watch your logs closely, but this might be caused by bridge-nf which passes bridged IP packets to iptables. Since Linux 2.6.22 it can even pass IP packets encapsulated in PPPoE frames. Useful when you want to set up a filtering bridge, but may have undesirable effects when you want a plain transparent bridge. And you know what? This is enabled by default.

If you don't need/want iptables to see bridged traffic (iptables will still see normal routed IP traffic at bridge interfaces), clear all parameters in /proc/sys/net/bridge/, especially bridge-nf-filter-pppoe-tagged.
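As an added illustration of the advice above (this is not code from the thread or from any of the participants), here is a small POSIX shell helper that reports which bridge-nf knobs under /proc/sys/net/bridge/ are set, tells you whether iptables will currently be handed bridged frames, and clears every knob the way the reply suggests. The directory is a parameter only so the logic can be exercised against a constructed copy; the default is the real procfs path. Two facts it relies on: the `bridge-nf-call-*` knobs are the master switches (the `filter-vlan-tagged` and `filter-pppoe-tagged` knobs only matter while the matching `call-*` knob is non-zero), and on kernels from 3.18 onward the directory only exists once the br_netfilter module is loaded, so a missing directory already means "iptables does not see bridged traffic".

```shell
#!/bin/sh
# Added example, not part of the original mailing-list thread.
# Inspect and clear the bridge-nf sysctls that make iptables see bridged frames.
# The directory argument is optional; it exists so the functions can be tested
# against a constructed directory instead of the live /proc/sys/net/bridge.

BRIDGE_NF_DEFAULT_DIR=/proc/sys/net/bridge

# Print "<knob>=<value>" for every bridge-nf-* entry in the directory.
# Returns 2 when the directory is absent (bridge netfilter not loaded).
bridge_nf_status() {
    dir="${1:-$BRIDGE_NF_DEFAULT_DIR}"
    if [ ! -d "$dir" ]; then
        echo "$dir missing: bridge netfilter not loaded, iptables sees routed traffic only" >&2
        return 2
    fi
    for f in "$dir"/bridge-nf-*; do
        [ -e "$f" ] || continue          # guard the unmatched-glob case
        printf '%s=%s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Return 0 if any master switch (bridge-nf-call-arptables/iptables/ip6tables)
# is non-zero, i.e. bridged frames are currently handed to the *tables hooks.
bridge_nf_enabled() {
    dir="${1:-$BRIDGE_NF_DEFAULT_DIR}"
    [ -d "$dir" ] || return 1
    for f in "$dir"/bridge-nf-call-*; do
        [ -e "$f" ] || continue
        if [ "$(cat "$f")" != "0" ]; then
            return 0
        fi
    done
    return 1
}

# Write 0 to every bridge-nf-* knob (the "clear all parameters" advice),
# so the bridge is transparent and iptables only sees routed IP traffic.
# Needs root on the live system. Returns 2 when there is nothing to clear.
bridge_nf_disable() {
    dir="${1:-$BRIDGE_NF_DEFAULT_DIR}"
    [ -d "$dir" ] || return 2
    for f in "$dir"/bridge-nf-*; do
        [ -e "$f" ] || continue
        echo 0 > "$f"
    done
}

# Usage when run directly:  ./bridge-nf-check.sh          (report)
#                           ./bridge-nf-check.sh disable  (clear, as root)
if [ "${1:-}" = "disable" ]; then
    bridge_nf_disable
else
    bridge_nf_status
fi
```

Clearing the knobs this way does not survive a reboot; the same values are exposed as `net.bridge.bridge-nf-*` sysctls, so the persistent form is to put `net.bridge.bridge-nf-call-iptables = 0` (and the other knobs) in the sysctl configuration, which is also where the firewall script should look when IN= shows both the bridge and the PPP interface for one packet.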