iptables, bridging and inside-/outside-issue
After reading through the article series by Mick Bauer regarding transparent firewalls I got a bit inspired to try for myself.
I've installed ubuntu onto a machine with 3 network interfaces, and bridged these three interfaces to one common bridge.
I've copied the iptables-script from part V in the series, but re-written it due to the fact that I in my installation will be unable to sort traffic based on ip.
I will not know which addresses will be used on either side of the firewall, so I'll have to sort my traffic on some other variable.
I was thinking that I could sort the traffic based on PHYSIN and PHYSOUT in iptables, but -i and -o does not seem to do that.
As an example I've created the following rule:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
But I still get the following in my kernel log:
floyd kernel: [269519.979985] Dropped by default (FORWARD): IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.113 DST=22.214.171.124 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31771 DF PROTO=TCP SPT=35727 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Which as far as I can figure should be allowed by the rule.
What can I do to sort the traffic based on the physical interface?
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
|Build a “Virtual SuperComputer” with Process Virtualization||Aug 18, 2015|
|Firefox Security Exploit Targets Linux Users and Web Developers||Aug 17, 2015|
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- My Network Go-Bag
- Firefox Security Exploit Targets Linux Users and Web Developers
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- diff -u: What's New in Kernel Development
- Three More Lessons
- August 2015 Issue of Linux Journal: Programming