iptables, bridging and inside-/outside-issue
After reading through the article series by Mick Bauer regarding transparent firewalls I got a bit inspired to try for myself.
I've installed ubuntu onto a machine with 3 network interfaces, and bridged these three interfaces to one common bridge.
I've copied the iptables-script from part V in the series, but re-written it due to the fact that I in my installation will be unable to sort traffic based on ip.
I will not know which addresses will be used on either side of the firewall, so I'll have to sort my traffic on some other variable.
I was thinking that I could sort the traffic based on PHYSIN and PHYSOUT in iptables, but -i and -o does not seem to do that.
As an example I've created the following rule:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
But I still get the following in my kernel log:
floyd kernel: [269519.979985] Dropped by default (FORWARD): IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.113 DST=74.125.79.102 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31771 DF PROTO=TCP SPT=35727 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Which as far as I can figure should be allowed by the rule.
What can I do to sort the traffic based on the physical interface?
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.
Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.
Sponsored by ActiveState
| Non-Linux FOSS: libnotify, OS X Style | Jun 18, 2013 |
| Containers—Not Virtual Machines—Are the Future Cloud | Jun 17, 2013 |
| Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer | Jun 12, 2013 |
| Weechat, Irssi's Little Brother | Jun 11, 2013 |
| One Tail Just Isn't Enough | Jun 07, 2013 |
| Introduction to MapReduce with Hadoop on Linux | Jun 05, 2013 |
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Linux Systems Administrator
- Validate an E-Mail Address with PHP, the Right Way
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- RSS Feeds
- Introduction to MapReduce with Hadoop on Linux
Featured Jobs
| Linux Systems Administrator | Houston and Austin, Texas | Host Gator |
| Senior Perl Developer | Austin, Texas | Host Gator |
| Technical Support Rep | Houston and Austin, Texas | Host Gator |
| UX Designer | Austin, Texas | Host Gator |
| Web & UI Developer (JavaScript & j Query) | Austin, Texas | Host Gator |
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?



Found it!
iptables -A FORWARD -m physdev --physdev-in eth1 --physdev-out eth0 -p tcp --dport 80 -j ACCEPTWorked alot better! =D