Solved

Iptables and Transparent Bridge dont working

Posted on 2004-03-30
6
528 Views
Last Modified: 2008-03-17
Hi,
We configure a slack with a transparent bridge, but IPTABLES dont block traffic passing throught the bridge.

Are there any known problem to use iptables in a transparente bridge?  Any solution for this problem?

Please, it's urgent.


Regards,
Luiz
0
Comment
Question by:ipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 9

Accepted Solution

by:
Alf666 earned 500 total points
ID: 10719026
iptables can't "see" bridge packets.

See ebtables for this :

http://ebtables.sourceforge.net/
0
 

Author Comment

by:ipsystems
ID: 10719238

The Ebtables syntax is similar or equal iptables?
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10719281
Yes. Very similar.

But you have to install it and recompile a kernel with it. It's standard in 2.6, but you need to patch your 2.4 kernel.

Then, install the user space tools.

Their site is pretty informative and very helpful in setting this up.

There is unfortunately no easier way.
0
Create CentOS 7 Newton Packstack Running Keystone

A bug was filed against RDO for the installation of Keystone v3. This guide is designed to walk you through the configuration for using Keystone v3 with Packstack. You will accomplish this using various repos and the Answers file.

 

Author Comment

by:ipsystems
ID: 10719306

yes...I'll try to install it! :(

I already install cbq, snort with acid and Snortsam blocking with iptables!... but when I try to block from bridge....the bad news!...

Well...let's go! :)

0
 

Author Comment

by:ipsystems
ID: 10723107

Can you help a little more?

I install ebtables and it works fine... but I have difficult to make some rules, because is a little different from IPtables.

For exemple, I don't know how to block ICMP attemp and dun know how to block a port 25 for exemple.... the website does not have a complete exemples.

Take a look:
http://ebtables.sourceforge.net/examples.html#real

Thanks for any help


Luiz
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10725804
ebtables -A FORWARD --ip-proto 1 -j DROP # 1 is ICMP
ebtables -A INPUT --ip-proto 1 -j DROP

ebtables -A FORWARD --ip-proto IPv4 --ip-destination-port 25 -j DROP
ebtables -A INPUT --ip-proto IPv4 --ip-destination-port 25 -j DROP

I don't have an ebtables installed box in here, so it's hard to test, but these should work.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question