Re: ebtables mac update

On 06/29/10 09:29, Покотиленко Костик wrote:
Linux box runs some services and has 3 interfaces, 2 of them are bridged to br0 and one is left for separate local segment. So it is a router between br0 and eth2 and a bridge between eth0, eth1.

Will you please clarify what interface the Zyxel bridge is connected to? (I'm guessing that it's connected to either eth0 or eth1, but I'd like some clarification.)

What is connected to the other two interfaces?

This is brctl showmacs, right?

I don't know the command off the top of my head, but I know there is a command to have the bridge show what MAC addresses are associated with what bridge ports.

So, this is exactly the same logic that switches use, right?

Should be, yes.

Can you confirm that if a MAC (frame with source MAC) pops up on a port different from the one it was seen on the previous time, then the port for that MAC gets updated?

Should be, yes.

What is "brctl setageing" for, then?

That should set the aging / expire timer for MAC addresses that have not been seen in a while. (How long the MAC has to be quiet before it is flooded again.)

It may happen that rebooting the modems brings port link down and the bridge may clear the MAC-port table on that port. This is similar to what Zyxel support told me.

Agreed.  See my previous reply about a way to test this.

In my case, on the moved box I'm unable to make connections or even ping.

This is contrary to how every Linux bridge that I have used ever behaved. I'm thinking that the Zyxel is at least part of the problem. That being said, it is very unlikely but there could be some sort of weird interaction between the Zyxel and Linux bridging that combined is causing a problem.

Besides that it is a server, iptables is used to restrict access for separate local segment at eth2 (allow access to Internet and not to local net). Ebtables is empty now, but I wanted to be able to filter bridge traffic if that matters someday.

Remember that it is possible for IPTables to filter bridged traffic. (It depends on whether an option is enabled in the kernel.) So IPTables could be interfering without you knowing it.

Will you please provide the output of "iptables-save" (sanitized if needed)?



Grant. . . .
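
The two checks discussed in this message, as an added example that is not part of the original thread: which bridge port a MAC is currently learned on (parsed from `brctl showmacs` output) and whether the kernel hands bridged frames to iptables. The function names, MAC addresses and table snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# fdb_lookup MAC: read `brctl showmacs <bridge>` output on stdin and print
# "<port> <ageing timer>" for MAC. Returns 1 if the bridge has no entry,
# in which case frames for that MAC are flooded to all ports.
fdb_lookup() {
    awk -v mac="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        NR > 1 && tolower($2) == mac { print $1, $NF; found = 1 }
        END { exit !found }'
}

# bridge_nf_iptables [DIR]: report whether bridged IPv4 frames are handed to
# iptables. DIR defaults to /proc/sys/net/bridge.
bridge_nf_iptables() {
    f="${1:-/proc/sys/net/bridge}/bridge-nf-call-iptables"
    if [ ! -r "$f" ]; then
        echo unavailable   # bridge netfilter hook not present
    elif [ "$(cat "$f")" = 1 ]; then
        echo enabled       # iptables rules also see bridged frames
    else
        echo disabled
    fi
}

# Constructed `brctl showmacs br0` snapshots taken before and after a host
# is moved from bridge port 1 to bridge port 2.
sample_before() {
    cat <<'EOF'
port no mac addr                is local?       ageing timer
  1     00:1a:2b:3c:4d:5e       no                12.40
  2     00:aa:bb:cc:dd:01       yes                0.00
EOF
}
sample_after() {
    cat <<'EOF'
port no mac addr                is local?       ageing timer
  2     00:1a:2b:3c:4d:5e       no                 0.35
  2     00:aa:bb:cc:dd:01       yes                0.00
EOF
}

MAC=00:1A:2B:3C:4D:5E
echo "before move: $(sample_before | fdb_lookup "$MAC")"
echo "after move:  $(sample_after | fdb_lookup "$MAC")"
echo "iptables on bridged frames: $(bridge_nf_iptables)"
```

On a live system the lookup is fed with `brctl showmacs br0 | fdb_lookup <mac>`; a port number that does not change after the host has moved and sent traffic means the bridge has not relearned the address.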