Hello,
Georgi Georgiev wrote:
> I am having trouble understanding how bridging and iptables fit together.
> The situation that bugs me is: if I do a PPPoE connection over a bridge
> with a single physical port, my nat table will see any incoming packet
> as coming from the bridge interface, and not the ppp interface. Why?
I guess you have a kernel 2.6.22 or above.
From ChangeLog-2.6.22:
[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in
pppoe traffic
The attached patch by Michael Milner adds support for using iptables
and ip6tables on bridged traffic encapsulated in pppoe frames,
similar to what's already supported for vlan.
Setting the net.bridge.bridge-nf-filter-pppoe-tagged sysctl
(/proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged) to 0 should disable it.
From <kernelsourcedir>/Documentation/networking/ip-sysctl.txt:
bridge-nf-filter-pppoe-tagged - BOOLEAN
1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
0 : disable this.
Default: 1
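As an added illustration (not part of the original thread, and not a kernel or netfilter tool), the following POSIX shell snippet does the check this reply implies: confirm the running kernel is 2.6.22 or newer, read the bridge-nf-filter-pppoe-tagged sysctl from /proc, and print the command that turns it off. The function names kernel_at_least and pppoe_filter_enabled are made up for this example; the sysctl name and /proc path come from the message above. The optional path argument to pppoe_filter_enabled only exists so the logic can be exercised against a constructed file on a host without bridge netfilter loaded.

```shell
#!/bin/sh
# Added example: is bridge-nf pppoe filtering present and switched on here?
# Nothing below is from the original thread; function names are invented.

# kernel_at_least WANT HAVE -> exit 0 if version HAVE is >= version WANT.
# Suffixes such as "-1-amd64" or "-rc3" are ignored; fields are compared numerically.
kernel_at_least() {
    awk -v want="$1" -v have="$2" 'BEGIN {
        sub(/[^0-9.].*/, "", have); sub(/[^0-9.].*/, "", want)
        nw = split(want, w, "."); nh = split(have, h, ".")
        n = (nw > nh) ? nw : nh
        for (i = 1; i <= n; i++) {
            a = (i in w) ? w[i] + 0 : 0
            b = (i in h) ? h[i] + 0 : 0
            if (b > a) exit 0
            if (b < a) exit 1
        }
        exit 0
    }'
}

# pppoe_filter_enabled [PATH] -> exit 0 if the sysctl reads 1, 1 if it reads 0,
# 2 if the file is absent (bridge netfilter not loaded on this kernel).
# PATH defaults to the real /proc entry named in the ChangeLog excerpt.
pppoe_filter_enabled() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-filter-pppoe-tagged}"
    [ -r "$f" ] || { echo "bridge netfilter not loaded: no $f" >&2; return 2; }
    v=$(tr -d '[:space:]' < "$f")
    [ "$v" = "1" ]
}

# Stand-alone use: report what the running kernel is doing with bridged PPPoE.
if kernel_at_least 2.6.22 "$(uname -r)"; then
    if pppoe_filter_enabled; then
        echo "bridged PPPoE-tagged IP traffic is passed to iptables (nat sees it on the bridge)"
        echo "to disable: sysctl -w net.bridge.bridge-nf-filter-pppoe-tagged=0"
        echo "to persist: add 'net.bridge.bridge-nf-filter-pppoe-tagged = 0' to /etc/sysctl.conf"
    fi
else
    echo "kernel $(uname -r) predates 2.6.22; bridge-nf pppoe filtering is not present"
fi
```

Note that the sysctl only exists once the bridge netfilter code is loaded, so a missing /proc entry is reported separately from a 0 value.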