iptables, bridging and inside-/outside-issue
After reading through the article series by Mick Bauer regarding transparent firewalls I got a bit inspired to try for myself.
I've installed ubuntu onto a machine with 3 network interfaces, and bridged these three interfaces to one common bridge.
I've copied the iptables-script from part V in the series, but re-written it due to the fact that I in my installation will be unable to sort traffic based on ip.
I will not know which addresses will be used on either side of the firewall, so I'll have to sort my traffic on some other variable.
I was thinking that I could sort the traffic based on PHYSIN and PHYSOUT in iptables, but -i and -o does not seem to do that.
As an example I've created the following rule:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
But I still get the following in my kernel log:
floyd kernel: [269519.979985] Dropped by default (FORWARD): IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=10.0.0.113 DST=22.214.171.124 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31771 DF PROTO=TCP SPT=35727 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Which as far as I can figure should be allowed by the rule.
What can I do to sort the traffic based on the physical interface?
|Silicon Mechanics Gives Back||Jul 30, 2014|
|Reglue: Opening Up the World to Deserving Kids, One Linux Computer at a Time||Jul 29, 2014|
|diff -u: What's New in Kernel Development||Jul 23, 2014|
|Great Scott! It's Version 13!||Jul 21, 2014|
|Adminer—Better Than Awesome!||Jul 17, 2014|
|It Actually Is Rocket Science||Jul 16, 2014|
- Reglue: Opening Up the World to Deserving Kids, One Linux Computer at a Time
- Numerical Python
- Silicon Mechanics Gives Back
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- diff -u: What's New in Kernel Development
- Tech Tip: Really Simple HTTP Server with Python
- RSS Feeds
- Linux Systems Administrator
- Senior Perl Developer