The bridge-nf code does not come enabled by default with rh7.3. I don't think that it comes enabled by default on any kernels.

> I have not custom compiled the kernel. I was first using rh7.3 and it
> works straight out of the box. I assumed that they would not have taken
> that code back out of the precompiled kernel but I suppose they could have
>
> Derek
>
>>>> Scott MacKay <scottmackay@xxxxxxxxx> 11/20/03 11:17AM >>>
> Did you add on the iptables hook for bridging and
> activate all the proper configuration settings?
> I had a similar problem with 2.4.22 (under RH9)
> because I forgot to menuconfig and add in the proper
> settings.
>
> --- Derek Storvik <dstorvik@xxxxxxxxxxxxxxxxxxxxx>
> wrote:
>> Hello all
>> Hopefully someone can see my error.
>> I have been running RH7.3 with its standard kernel
>> version 2.4.18-3 for several months configured as a
>> transparent bridging firewall. We recently purchased
>> a new machine and wanted to install RH9 with its
>> standard kernel 2.4.20 (I think). I followed the same
>> steps, installed with iptables and bridging utils, and
>> used my same script file to set up the bridge with
>> two nics and fill in all my rules. This didn't seem
>> to work right and on further testing I realized
>> NOTHING was being filtered. I then rebooted and
>> manually set up the bridge and cleared all the tables
>> and set the default policy to drop. So at this point
>> nothing should get through. Well, it bridges
>> everything, and the counters in iptables do not
>> increment. The system acts as if it is not there
>> whatsoever.
>>
>> here is the setup after the basic minimal install
>> brctl addbr br0
>> brctl addif br0 eth0
>> brctl addif br0 eth1
>> ifconfig eth1 0.0.0.0 promisc
>> ifconfig eth0 0.0.0.0 promisc
>> #bring up bridge with either of the next two commands
>> ifconfig br0 up
>> ip link set br0 up
>> #both do the same thing namely nothing
>> iptables -X
>> iptables -F
>> iptables -P FORWARD DROP
>> iptables -P INPUT DROP
>> iptables -P OUTPUT DROP
>>
>> This setup happily bridges packets right on through
>> with no updates to the iptables counters.
>>
>> I have been experimenting with devil linux as well
>> recently and it exhibits the same problem.
>>
>> ip_forwarding is set to as it has been on my
>> working rh7.3 machine. I tried setting it to 1 but
>> that didn't help the problems. I'm not 100% sure what
>> exactly the ip_forwarding property corresponds to
>> anyway.
>>
>> any help would be greatly appreciated!
>> Thanks
>> Derek

Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry@xxxxxxxxxxxxxxxxxxxxx
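
The symptom described in this thread (frames are bridged while the iptables counters never move) can be checked mechanically. The sketch below is an added example, not code from any poster; it assumes a current Linux kernel where the hook is controlled by /proc/sys/net/bridge/bridge-nf-call-iptables rather than the 2.4-era kernels discussed above, and the function names and the before/after capture files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a current kernel where
# bridge-netfilter exposes /proc/sys/net/bridge/bridge-nf-call-iptables
# (the file only exists once the br_netfilter module is loaded).

# policy_packets: read `iptables -L FORWARD -v -n -x` output on stdin and
# print the packet counter from the "Chain FORWARD (policy ...)" header.
# -x matters: without it large counters are abbreviated (e.g. 42K).
policy_packets() {
    sed -n 's/^Chain FORWARD (policy [A-Z]* \([0-9]*\) packets.*/\1/p' | head -n 1
}

# diagnose_bridge_filter PROC_ROOT BEFORE_FILE AFTER_FILE
# PROC_ROOT is normally /proc; it is a parameter so the check can be run
# against a constructed directory tree. The two files hold iptables listings
# captured before and after sending test traffic across the bridge while
# the FORWARD policy is DROP.
diagnose_bridge_filter() {
    knob="$1/sys/net/bridge/bridge-nf-call-iptables"
    if [ ! -r "$knob" ]; then
        echo "no-bridge-nf"      # hook absent: bridged frames never reach iptables
        return 0
    fi
    if [ "$(cat "$knob")" != "1" ]; then
        echo "bridge-nf-off"     # hook present but switched off
        return 0
    fi
    before=$(policy_packets < "$2")
    after=$(policy_packets < "$3")
    if [ -z "$before" ] || [ -z "$after" ]; then
        echo "unparsed"          # listing did not contain the FORWARD header
        return 0
    fi
    if [ "$after" -gt "$before" ]; then
        echo "filtering"         # FORWARD policy counter moved
    else
        echo "counters-idle"     # hook on, yet no bridged packet was counted
    fi
}
```

On a live system the call would be `diagnose_bridge_filter /proc before.txt after.txt`, with both listings taken as root.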