Hello.

It seems like you should load the br_netfilter module. Without it, switching in the bridge behaves somewhat strangely. After loading this module, check the sysctl variables bridge.netfilter.bridge-nf-* and set them to the corresponding values.

2015-08-23 10:22 GMT+03:00 Tugrul Erdogan <h.tugrul.erdogan@xxxxxxxxx>:
> Hi all;
>
> I have a problem with my bridged interface's ARP reply management. My
> bridged interface, which is named br0, and its physical NICs have no IP
> assigned to them. I added the routing rule as follows: "ip ro add A dev
> br0". When I try to use a synproxy rule in iptables, my device sends an
> ARP request to A to determine the MAC address of A in order to create the
> SYN+ACK packet which will be sent to A. Then the ARP reply of A comes
> back to my device; I can see the ARP reply packets of A with tcpdump on
> the br0 interface. But the ARP table does not include this ARP reply.
>
> When I write some rules in arptables to analyze the ARP request and
> reply packets, I see that the ARP request leaves from the physical NIC
> but the reply to that ARP request comes from the br0 interface. So I
> think that for this reason the ARP reply is not accepted by the ARP table
> as the MAC address of A on my device (maybe as an ARP spoofing
> prevention method).
>
> I would like your help. What can be the reason for this ARP request
> rejection? Is there any sysctl setting that I do not know of yet, or
> how can I solve this problem?
>
> Thanks for your help.
> Best regards,
> Tugrul
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Anton.
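
The check suggested in the reply above, as an added example that is not part of the original thread: it reports whether br_netfilter is listed as loaded and prints every bridge-nf-* knob, which Linux exposes under /proc/sys/net/bridge (sysctl names net.bridge.bridge-nf-*). `MODULES_FILE` and `BRIDGE_SYSCTL_DIR` are hypothetical override variables introduced here so the same check can be run against saved copies of those files.

```shell
#!/bin/sh
# Added example: report br_netfilter state and the bridge-nf-* sysctls.
# MODULES_FILE / BRIDGE_SYSCTL_DIR are assumptions of this example (overrides
# for offline use); the defaults are the real procfs locations.
: "${MODULES_FILE:=/proc/modules}"
: "${BRIDGE_SYSCTL_DIR:=/proc/sys/net/bridge}"

br_netfilter_loaded() {
    # /proc/modules has one module per line with the name in field 1.
    # A kernel with br_netfilter built in does not list it here; in that
    # case the sysctl directory check below is the one that matters.
    awk '$1 == "br_netfilter" { found = 1 } END { exit !found }' \
        "$MODULES_FILE" 2>/dev/null
}

bridge_nf_report() {
    # Print "net.bridge.<knob>=<value>" for each bridge-nf-* file.
    # Returns 1 when the directory is missing or holds no such knobs.
    [ -d "$BRIDGE_SYSCTL_DIR" ] || return 1
    found=1
    for f in "$BRIDGE_SYSCTL_DIR"/bridge-nf-*; do
        [ -r "$f" ] || continue
        printf 'net.bridge.%s=%s\n' "${f##*/}" "$(cat "$f")"
        found=0
    done
    return $found
}

check_bridge_netfilter() {
    if br_netfilter_loaded; then
        echo "br_netfilter: loaded"
    else
        echo "br_netfilter: not listed in $MODULES_FILE (load with: modprobe br_netfilter)"
    fi
    # bridge-nf-call-arptables decides whether bridged ARP is passed to
    # arptables; bridge-nf-call-iptables does the same for IPv4 and iptables.
    bridge_nf_report || echo "no bridge-nf-* sysctls under $BRIDGE_SYSCTL_DIR"
}

check_bridge_netfilter
```

A value of 1 means bridged traffic of that type is handed to the corresponding tables; values are changed with `sysctl -w net.bridge.<knob>=<0|1>` as root.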