Hi,
I have a very specific repeatable issue with a gre tunnel bound to a
bridged interface.
Tunnel "tgre0" is bound to a source address on "br1":
tuxnix ~ # ip tunnel show tgre0
tgre0: gre/ip remote 72.25.98.XXX local 12.106.79.YYY ttl 64
tuxnix ~ # brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.000b824a311c       no              eth1
                                                        eth2
br0             8000.00065b6f4c82       no              eth0
                                                        eth3
                                                        eth4
br2             8000.00022acb474a       no              eth5
The tunnel is built on br1.
When I disable the bridge and put the 12.106.79.YYY address on the
physical interface, this is what I see in the firewall debug:
Oct 3 07:55:02 tuxnix Shorewall:vpn2loc:ACCEPT:IN=tgre0 OUT=br2 PHYSOUT=eth5 SRC=10.2.1.6 DST=10.2.2.30 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=19 DF PROTO=ICMP TYPE=8 CODE=0 ID=22904 SEQ=20
This is the correct output: the packet is shown as coming IN on tgre0.
When I re-enable the bridge and look at the same output:
Oct 2 23:03:47 tuxnix Shorewall:net2loc:ACCEPT:IN=br1 OUT=br2 PHYSIN=eth1 PHYSOUT=eth5 SRC=10.2.1.6 DST=10.2.2.30 LEN=100 TOS=0x00 PREC=0x00 TTL=62 ID=625 PROTO=ICMP TYPE=8 CODE=0 ID=59 SEQ=3
As you can see, the input interface is incorrect. This is causing
numerous issues (Shorewall detecting the wrong zone due to the wrong source
interface, masquerading failing because of the wrong source interface,
etc.), so I really need to get this fixed.
Any help would be much appreciated.
Current kernel:
tuxnix ~ # uname -a
Linux tuxnix 2.6.14-rc1 #4 PREEMPT Thu Sep 28 16:38:03 PDT 2006 i686
Pentium III (Coppermine) GenuineIntel GNU/Linux
I have also tried 2.6.18 to see if that would resolve this issue. It did
not.
tuxnix ~ # iptables -V
iptables v1.3.5
Bridge utils version: net-misc/bridge-utils-1.0.6-r3
--David
mlist@xxxxxxxx
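As an added check, not part of David's post: a small Python script that parses netfilter/Shorewall log lines like the two quoted above and flags packets from the tunnel's remote subnet that the kernel attributed to the bridge instead of tgre0 (the symptom that breaks zone detection). The 10.2.1.0/24 remote prefix is an assumption drawn from the SRC addresses in the report; the two sample lines are constructed copies of the ones in the post.

```python
import ipaddress
import re

# Constructed copies of the two log lines quoted in the report above.
LOG_LINES = [
    "Oct 3 07:55:02 tuxnix Shorewall:vpn2loc:ACCEPT:IN=tgre0 OUT=br2 PHYSOUT=eth5 "
    "SRC=10.2.1.6 DST=10.2.2.30 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=19 DF "
    "PROTO=ICMP TYPE=8 CODE=0 ID=22904 SEQ=20",
    "Oct 2 23:03:47 tuxnix Shorewall:net2loc:ACCEPT:IN=br1 OUT=br2 PHYSIN=eth1 PHYSOUT=eth5 "
    "SRC=10.2.1.6 DST=10.2.2.30 LEN=100 TOS=0x00 PREC=0x00 TTL=62 ID=625 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=59 SEQ=3",
]

# Assumption: the far side of tgre0 serves 10.2.1.0/24, so decapsulated
# packets from that prefix must be attributed to tgre0, never to a bridge.
TUNNEL_IFACE = "tgre0"
TUNNEL_REMOTE_NETS = [ipaddress.ip_network("10.2.1.0/24")]

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one netfilter log line into a dict of KEY=value fields.

    ID= appears twice (IP header id, then ICMP id); the first one is the
    netfilter IP field, so the first occurrence of every key wins.
    """
    m = PREFIX_RE.search(line)
    fields = {"chain": m.group("chain"), "disposition": m.group("disp")} if m else {}
    for key, value in KV_RE.findall(line):
        fields.setdefault(key, value)
    return fields


def is_misattributed(fields):
    """True when the source is behind the tunnel but IN= is not the tunnel."""
    src = ipaddress.ip_address(fields["SRC"])
    from_tunnel_net = any(src in net for net in TUNNEL_REMOTE_NETS)
    return from_tunnel_net and fields.get("IN") != TUNNEL_IFACE


def find_misattributed(lines):
    """Return (chain, IN, PHYSIN, SRC) for every line hit by the bug."""
    hits = []
    for fields in map(parse_line, lines):
        if is_misattributed(fields):
            hits.append((fields["chain"], fields["IN"], fields.get("PHYSIN"), fields["SRC"]))
    return hits


if __name__ == "__main__":
    for hit in find_misattributed(LOG_LINES):
        print("tunnel traffic attributed to wrong interface:", hit)
```

Run against a live Shorewall log, a non-empty result means the zone rules are being evaluated against the bridge rather than the tunnel, exactly as the post describes.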