Hello,
Bradley Kite wrote:
> the connection-tracking needs to be turned off on the bridges in order
> to make this work:
>
> iptables --table raw -A PREROUTING -i [BRIDGE] -j NOTRACK

This may have undesirable side effects unless you add "-m physdev
--physdev-is-bridged" to ensure that this rule matches only bridged
traffic and not forwarded traffic received on the bridge interface.
If you just don't want Netfilter (including the conntrack and iptables)
to see the bridged IP traffic, you can do this by setting the sysctl
net.bridge.bridge-nf-call-iptables to 0.
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
or
sysctl -w net.bridge.bridge-nf-call-iptables=0
Add the following line in /etc/sysctl.conf to make it persistent across
reboots:
net.bridge.bridge-nf-call-iptables=0
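
An added example, not part of the original message: a POSIX shell check that scans `iptables-save` output for raw-table NOTRACK rules on a bridge interface that lack the `--physdev-is-bridged` restriction discussed above. The function names, the bridge names `br0` and `br1`, and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: report raw-table NOTRACK rules on a bridge that are not
# limited to bridged traffic with "-m physdev --physdev-is-bridged".

# Usage: iptables-save -t raw | audit_notrack BRIDGE...
audit_notrack() {
    bridges=" $* "
    table=""
    while IFS= read -r line; do
        # Track the current table from "*raw", "*filter", ... headers.
        case $line in \**) table=${line#\*} ;; esac
        [ "$table" = raw ] || continue
        case $line in "-A PREROUTING "*) ;; *) continue ;; esac
        # Newer iptables prints NOTRACK as "-j CT --notrack".
        case $line in
            *"-j NOTRACK"*|*"-j CT --notrack"*) ;;
            *) continue ;;
        esac
        # Input interface named after "-i"; skip rules without one.
        rest=${line#*" -i "}
        [ "$rest" != "$line" ] || continue
        iface=${rest%% *}
        case $bridges in *" $iface "*) ;; *) continue ;; esac
        # A rule restricted to bridged frames is the safe form.
        case $line in *"--physdev-is-bridged"*) continue ;; esac
        printf '%s\n' "$line"
    done
}

# Constructed sample in iptables-save format (br0, br1 are assumed names).
sample_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i br0 -j NOTRACK
-A PREROUTING -i br1 -m physdev --physdev-is-bridged -j NOTRACK
-A PREROUTING -i eth0 -j NOTRACK
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i br0 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_notrack br0 br1
```

Only the `br0` rule is reported: the `br1` rule carries the physdev match, and `eth0` is not in the list of bridges passed to the function.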