[Bridge] 802.1q packets
Stephen Hemminger
shemminger at vyatta.com
Sat Jun 28 11:31:54 PDT 2008
On Sat, 28 Jun 2008 14:07:33 +0200
"Fulvio Ricciardi" <fulvio.ricciardi at zeroshell.net> wrote:
>
> > Hi,
> >
> > I notice that with the Kernel 2.6.25.9 the 802.1q VLAN
> > tagged packets larger than 1470 bytes are not forwarded at
> > all by a bridge.
> > I think there is a bad interaction between the bridge and
> > netfilter code. Any chance to have a patch to solve
> > this problem, which limits the possibility of using Linux
> > bridges in an environment with VLANs?
>
> With the following command it works:
>
> echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
>
> but this disables the iptables support, which is important
> for obtaining complex bridge-firewall scenarios.
>
> Regards
> Fulvio Ricciardi
Your iptables need to know about VLANs as well.
I bet your default action is to DROP.