>On Thu, Jul 1, 2010 11:27 PM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > I strongly doubt it. This rule forces routing of all packets instead of > bridging, so IIUC it effectively totally disables bridging and you are > back to two independent interfaces. I am sorry that i made a ambigous statement . what i meant is : We could add rules to BROUTING to selectively bridge and route packets .Previously i was not able to ping eth0 or eth1 from some other machine (in same subnet ) if i attach both to br0 . This got solved when we made default policy as DROP . On Thu, Jul 1, 2010 at 11:27 PM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote: > ratheesh k a écrit : >> >> brctl addbr br0 >> brctl addif eth0 >> brctl addif eth1 >> ifconfig br0 0.0.0.0 up >> >> The problem was "default brouter policy is accept " . So packets are >> coming to layer2 only . > > Indeed, by default (i.e. no brouting) packets received on a bridge port > are intercepted by the bridge. This is the intended behaviour of a > bridge, isn't it ? Thus a bridge port is not supposed to be assigned an > IP address (or be used by any protocol), because the IP stack (or any > other upper protocol layer) won't receive any packet directly from it > but from the bridge interface (which should have the IP address). > >>I applied the below command and every thing >> seemed to work exactly like connecting eth0 and eth1 to hardware hub . >> >> ebtables -t broute -P BROUTING -j DROP > > I strongly doubt it. This rule forces routing of all packets instead of > bridging, so IIUC it effectively totally disables bridging and you are > back to two independent interfaces. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
