Netfilter problem..

Hi all,

I have interfaces:
eth0 - WAN
eth1 - LAN
eth2 - free
ath0 - Atheros AP

Then I have made a bridge br0(192.168.1.1) from ath0(0.0.0.0), eth1(0.0.0.0) because I want wired and wireless network in one address range 192.168.1.0 - 192.168.1.255
and I run dhcp server over bridge br0.

Over eth1(wired network) works all fine.

I can not obtain IP address from dhcp over wifi interface ath0 and I get this message in
tcpdump -vv -i br0
-------------------------------------------------------------------------------
br_netfilter: Argh!! br_nf_post_routing: bad mac.raw pointer.[eth1][br0] head:c35d23e0, raw:c35d23fe, data:c35d23fe
-------------------------------------------------------------------------------
/var/log/messages
-------------------------------------------------------------------------------
Apr 4 22:38:23 sosiba kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:4c:67:66:d6:08:00 SRC=195.46.67.248 DST=255.255.255.255 LEN=128 TOS=0x00 PREC=0x00 TTL=128 ID=40800 PROTO=UDP SPT=164 DPT=164 LEN=108
Apr 4 22:43:54 sosiba kernel: br_netfilter: Argh!! br_nf_post_routing: bad mac.raw pointer.[eth1][br0] head:c2af95e0, raw:c2af95fe, data:c2af95fe
Apr 4 22:44:05 sosiba kernel: IN=br0 OUT= PHYSIN=ath0 PHYSOUT=eth1 MAC=ff:ff:ff:ff:ff:ff:00:07:0e:b4:50:a5:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=540 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 4 22:44:05 sosiba dhcpd: DHCPREQUEST for 192.168.1.33 from 00:07:0e:b4:50:a5 via br0
Apr 4 22:44:05 sosiba dhcpd: DHCPACK on 192.168.1.33 to 00:07:0e:b4:50:a5 via br0
Apr 4 22:44:10 sosiba kernel: IN=br0 OUT= PHYSIN=ath0 PHYSOUT=eth1 MAC=ff:ff:ff:ff:ff:ff:00:07:0e:b4:50:a5:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=541 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 4 22:44:10 sosiba dhcpd: DHCPREQUEST for 192.168.1.33 from 00:07:0e:b4:50:a5 via br0
Apr 4 22:44:10 sosiba dhcpd: DHCPACK on 192.168.1.33 to 00:07:0e:b4:50:a5 via br0
Apr 4 22:44:19 sosiba kernel: IN=br0 OUT= PHYSIN=ath0 PHYSOUT=eth1 MAC=ff:ff:ff:ff:ff:ff:00:07:0e:b4:50:a5:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=542 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 4 22:44:19 sosiba dhcpd: DHCPREQUEST for 192.168.1.33 from 00:07:0e:b4:50:a5 via br0
Apr 4 22:44:19 sosiba dhcpd: DHCPACK on 192.168.1.33 to 00:07:0e:b4:50:a5 via br0
-------------------------------------------------------------------------------

my iptables settings
-------------------------------------------------------------------------------
# Generated by iptables-save v1.2.9 on Fri Mar 18 11:14:11 2005
*mangle
:PREROUTING ACCEPT [1043684:865001650]
:INPUT ACCEPT [1041756:864643520]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [892707:425469139]
:POSTROUTING ACCEPT [892775:425458561]
COMMIT
# Completed on Fri Mar 18 11:14:11 2005
# Generated by iptables-save v1.2.9 on Fri Mar 18 11:14:11 2005
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
-A PREROUTING -s 192.168.0.0/16 -i eth0 -j DROP
-A PREROUTING -s 172.16.0.0/12 -i eth0 -j DROP
-A PREROUTING -s 10.0.0.0/8 -i eth0 -j DROP
COMMIT
# Completed on Fri Mar 18 11:14:11 2005
# Generated by iptables-save v1.2.9 on Fri Mar 18 11:14:11 2005
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn_flood - [0:0]
-A INPUT -p udp -m udp -m multiport -j LOG --dports 67,68
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP packets
-A INPUT -p icmp -m icmp -i eth0 --icmp-type echo-reply -j ACCEPT
-A INPUT -p icmp -m icmp -i eth0 --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p icmp -m icmp -m limit -i eth0 --icmp-type echo-request --limit 1/s --limit-burst 5 -j ACCEPT
-A INPUT -p icmp -m icmp -i eth0 --icmp-type time-exceeded -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 113 -j REJECT
-A INPUT -p tcp -m tcp -m multiport -i eth0 -j ACCEPT --dports 4662,4663,4711
-A INPUT -p udp -m udp -i eth0 --dport 4672 -j ACCEPT
# sshd
-A INPUT -p tcp -m tcp -s 217.75.72.98 -i eth0 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 62.152.224.131 -i eth0 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 195.46.69.224/29 -i eth0 --dport 22 -j ACCEPT
# Allow this on eth0
-A INPUT -p tcp -m tcp -m multiport -i eth0 -j ACCEPT --dports 20,21,80,443,901,10000
# Allow this on eth1, eth2
-A INPUT -i br0 -j ACCEPT
-A INPUT -i eth2 -j ACCEPT
-A OUTPUT -p udp -m udp -m multiport -j LOG --dports 67,68
-A OUTPUT -p udp -m udp -m multiport -j LOG --sports 67,68
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 192.168.1.1 -j ACCEPT
-A OUTPUT -s 192.168.2.1 -j ACCEPT
-A OUTPUT -s 195.46.69.228 -j ACCEPT
-A OUTPUT -m limit --limit 3/hour --limit-burst 5 -j LOG
-A FORWARD -m state -i br0 --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A syn_flood -m limit --limit 1/s --limit-burst 5 -j RETURN
-A syn_flood -j DROP
# Allow this on eth1
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp -m multiport -j LOG --dports 67,68
-A INPUT -p tcp -i eth0 -j syn_flood  --syn
# log DoS
-A INPUT -m limit --limit 3/hour --limit-burst 5 -j LOG
# Drop everything else!
-A INPUT -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p udp -m udp -m multiport -j LOG --dports 67,68
-A FORWARD -p udp -m udp -m multiport -j LOG --sports 67,68
COMMIT
# Completed on Fri Mar 18 11:14:11 2005
-------------------------------------------------------------------------------

I am running kernel-2.6.12-17mdk.

Please what could be wrong?

Robert.

