[Bridge] Bridge blocking network traffic

ratheesh k ratheesh.ksz at gmail.com
Thu Jul 1 11:14:55 PDT 2010


>On Thu, Jul 1, 2010 11:27 PM, Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
> I strongly doubt it. This rule forces routing of all packets instead of
> bridging, so IIUC it effectively totally disables bridging and you are
> back to two independent interfaces.

 I am sorry that i made a ambigous statement .
 what i meant is : We could add rules to BROUTING to selectively
bridge and route packets .Previously i was not able to ping eth0 or
eth1 from some other machine (in same subnet ) if i attach both to br0
. This got solved when we made default policy as DROP .


On Thu, Jul 1, 2010 at 11:27 PM, Pascal Hambourg
<pascal.mail at plouf.fr.eu.org> wrote:
> ratheesh k a écrit :
>>
>> brctl addbr br0
>> brctl  addif eth0
>> brctl  addif eth1
>> ifconfig br0  0.0.0.0 up
>>
>> The problem was "default brouter policy is accept " . So packets are
>> coming to layer2  only .
>
> Indeed, by default (i.e. no brouting) packets received on a bridge port
> are intercepted by the bridge. This is the intended behaviour of a
> bridge, isn't it ? Thus a bridge port is not supposed to be assigned an
> IP address (or be used by any protocol), because the IP stack (or any
> other upper protocol layer) won't receive any packet directly from it
> but from the bridge interface (which should have the IP address).
>
>>I applied the below command and every thing
>> seemed to work exactly like connecting eth0 and eth1 to hardware hub .
>>
>> ebtables -t broute  -P BROUTING -j DROP
>
> I strongly doubt it. This rule forces routing of all packets instead of
> bridging, so IIUC it effectively totally disables bridging and you are
> back to two independent interfaces.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>


More information about the Bridge mailing list