I can't get DHCP to work through the firewall, I've tried everything, even: ebtables -A FORWARD -p IPv4 --ip-sport 67:68 -j ACCEPT ebtables -A FORWARD -p IPv4 --ip-dport 67:68 -j ACCEPT Other things I tried: ebtables -A FORWARD -i eth0 -o eth1 -p 0x800 --ip-src 192.168.0.1 --ip-proto udp --ip-sport 67:68 -j ACCEPT ebtables -A FORWARD -i eth1 -o eth0 -p 0x800 --ip-dst 255.255.255.255/255.255.255.255 --ip-proto udp --ip-dport 67:68 -j ACCEPT and before that: ebtables -A FORWARD -p 0x800 --ip-src 192.168.0.1 --ip-proto udp --ip-sport 68 -j ACCEPT ebtables -A FORWARD -p 0x800 --ip-dst 192.168.0.1 --ip-proto udp --ip-dport 67 -j ACCEPT --- On Wed, 5/20/09, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote: > From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> > Subject: Re: Ebtables ruleset isn't working, any ideas? > To: "Miguel Ghobangieno" <mikeeusa@xxxxxxxxx> > Cc: netfilter@xxxxxxxxxxxxxxx > Date: Wednesday, May 20, 2009, 7:24 AM > On Tue, 19 May 2009, Miguel > Ghobangieno wrote: > > > Ok I broke the rules up, and I used the hex value for > the protocals > > rather than the ascii "IP" etc; it workes now. This is > a debian stable > > box, I guess the ebtables that comes in apt is too > ancient. I would like > > to log everyone who attepts to access port 22 tcp on > eth2 though (allow > > them through but log). > > If `ebtables -h log` does not produce the help text of the > log watcher, > then you have to install ebtables manually, to get the > required logging > functionality. > > Best regards, > Jozsef > - > E-mail : kadlec@xxxxxxxxxxxxxxxxx, > kadlec@xxxxxxxxxxxx > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : KFKI Research Institute for Particle and Nuclear > Physics > H-1525 Budapest 114, > POB. 49, Hungary > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html