[Bridge] 802.1q packets

Stephen Hemminger shemminger at vyatta.com
Sat Jun 28 11:31:54 PDT 2008


On Sat, 28 Jun 2008 14:07:33 +0200
"Fulvio Ricciardi" <fulvio.ricciardi at zeroshell.net> wrote:

> 
> > Hi,
> > 
> > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN
> > tagged packets larger than 1470 bytes are not forwarded at
> > all by a bridge.
> > I think there is a bad interaction between bridge and
> > netfilter code. Any chance to have a patch to solve
> > this problem that limits the possibility to use the Linux
> > bridges in an environment with VLANs?
> 
> With the following command it works:
> 
> echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
> 
> but this disables the iptables support, which is important
> for obtaining complex bridge-firewall scenarios.
> 
> Regards
> Fulvio Ricciardi

Your iptables need to know about VLANs as well.
I bet your default action is to DROP.
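
An added example, not part of the thread or written by either poster: a small shell check that reports whether VLAN-tagged bridged frames are handed to iptables and what the FORWARD default policy is. It assumes the kernel sysctl `bridge-nf-filter-vlan-tagged` (not mentioned in the thread) alongside `bridge-nf-call-iptables`; the function names, verdict strings and sample state are constructed for illustration.

```shell
#!/bin/sh
# Added example. Both inputs are parameters so the check also runs on
# constructed data; on a live host pass /proc/sys/net/bridge and a file
# holding the output of `iptables -S FORWARD`.

# Print a bridge sysctl value, or "absent" if the file does not exist
# (for instance when bridge netfilter support is not loaded).
read_bridge_sysctl() {
    if [ -r "$1/$2" ]; then tr -d ' \n' < "$1/$2"; else printf 'absent'; fi
}

# Print the FORWARD chain policy found in `iptables -S` style text.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) print "unknown" }' "$1"
}

# Print one verdict word for VLAN-tagged frames crossing the bridge.
# $1 = directory with the bridge sysctls, $2 = rules file.
tagged_frame_verdict() {
    call=$(read_bridge_sysctl "$1" bridge-nf-call-iptables)
    vlan=$(read_bridge_sysctl "$1" bridge-nf-filter-vlan-tagged)
    if [ "$call" != 1 ]; then
        echo "bypass-iptables"          # bridged traffic never reaches iptables
    elif [ "$vlan" != 1 ]; then
        echo "tagged-bypass-iptables"   # tagged frames are not passed to iptables
    elif [ "$(forward_policy "$2")" = DROP ]; then
        echo "tagged-filtered-default-drop"   # tagged traffic needs ACCEPT rules
    else
        echo "tagged-filtered-default-$(forward_policy "$2")"
    fi
}

# Constructed sample state (not taken from the thread).
demo_dir=$(mktemp -d)
echo 1 > "$demo_dir/bridge-nf-call-iptables"
echo 1 > "$demo_dir/bridge-nf-filter-vlan-tagged"
printf '%s\n' '-P FORWARD DROP' \
    '-A FORWARD -i br0 -p tcp --dport 22 -j ACCEPT' > "$demo_dir/rules.txt"
tagged_frame_verdict "$demo_dir" "$demo_dir/rules.txt"
rm -rf "$demo_dir"
```
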