Bridge and iptables postrouting
I have a Linux 3.14 PC with three NICs and a bridge between two of the NICs (eth1
and eth2
).
My Question
Why is there no traffic passing through the POSTROUTING rule? FYI, traffic is passing through (forwarded) the bridge just fine. Can someone be kind enough to provide me some pointers to get this working?
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth1 up
ifconfig eth1 0.0.0.0
ifconfig eth2 up
ifconfig eth2 0.0.0.0
brctl addbr sm0
brctl addif sm0 eth1
brctl addif sm0 eth2
ifconfig sm0 up
iptables -t mangle -A POSTROUTING -o eth1 -p all -j CLASSIFY --set-class 1:99
iptables -t mangle -A POSTROUTING -o eth2 -p all -j CLASSIFY --set-class 2:99
Rules
o iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 38914 packets, 2954K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 38210 packets, 2791K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
0 0 CLASSIFY all -- * eth1 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 1:99
0 0 CLASSIFY all -- * eth2 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 2:99
sysctl.conf
net.ipv4.ip_forward=1
Setting the values below to 0 or 1 has no effect on the iptables
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ipv6tables=1
net.bridge.bridge-nf-call-ipv4tables=1
networking iptables bridge
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have a Linux 3.14 PC with three NICs and a bridge between two of the NICs (eth1
and eth2
).
My Question
Why is there no traffic passing through the POSTROUTING rule? FYI, traffic is passing through (forwarded) the bridge just fine. Can someone be kind enough to provide me some pointers to get this working?
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth1 up
ifconfig eth1 0.0.0.0
ifconfig eth2 up
ifconfig eth2 0.0.0.0
brctl addbr sm0
brctl addif sm0 eth1
brctl addif sm0 eth2
ifconfig sm0 up
iptables -t mangle -A POSTROUTING -o eth1 -p all -j CLASSIFY --set-class 1:99
iptables -t mangle -A POSTROUTING -o eth2 -p all -j CLASSIFY --set-class 2:99
Rules
o iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 38914 packets, 2954K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 38210 packets, 2791K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
0 0 CLASSIFY all -- * eth1 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 1:99
0 0 CLASSIFY all -- * eth2 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 2:99
sysctl.conf
net.ipv4.ip_forward=1
Setting the values below to 0 or 1 has no effect on the iptables
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ipv6tables=1
net.bridge.bridge-nf-call-ipv4tables=1
networking iptables bridge
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have a Linux 3.14 PC with three NICs and a bridge between two of the NICs (eth1
and eth2
).
My Question
Why is there no traffic passing through the POSTROUTING rule? FYI, traffic is passing through (forwarded) the bridge just fine. Can someone be kind enough to provide me some pointers to get this working?
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth1 up
ifconfig eth1 0.0.0.0
ifconfig eth2 up
ifconfig eth2 0.0.0.0
brctl addbr sm0
brctl addif sm0 eth1
brctl addif sm0 eth2
ifconfig sm0 up
iptables -t mangle -A POSTROUTING -o eth1 -p all -j CLASSIFY --set-class 1:99
iptables -t mangle -A POSTROUTING -o eth2 -p all -j CLASSIFY --set-class 2:99
Rules
o iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 38914 packets, 2954K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 38210 packets, 2791K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
0 0 CLASSIFY all -- * eth1 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 1:99
0 0 CLASSIFY all -- * eth2 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 2:99
sysctl.conf
net.ipv4.ip_forward=1
Setting the values below to 0 or 1 has no effect on the iptables
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ipv6tables=1
net.bridge.bridge-nf-call-ipv4tables=1
networking iptables bridge
I have a Linux 3.14 PC with three NICs and a bridge between two of the NICs (eth1
and eth2
).
My Question
Why is there no traffic passing through the POSTROUTING rule? FYI, traffic is passing through (forwarded) the bridge just fine. Can someone be kind enough to provide me some pointers to get this working?
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth1 up
ifconfig eth1 0.0.0.0
ifconfig eth2 up
ifconfig eth2 0.0.0.0
brctl addbr sm0
brctl addif sm0 eth1
brctl addif sm0 eth2
ifconfig sm0 up
iptables -t mangle -A POSTROUTING -o eth1 -p all -j CLASSIFY --set-class 1:99
iptables -t mangle -A POSTROUTING -o eth2 -p all -j CLASSIFY --set-class 2:99
Rules
o iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 38914 packets, 2954K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 38210 packets, 2791K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 38072 packets, 2844K bytes)
pkts bytes target prot opt in out source destination
0 0 CLASSIFY all -- * eth1 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 1:99
0 0 CLASSIFY all -- * eth2 0.0.0.0/0 0.0.0.0/0 CLASSIFY set 2:99
sysctl.conf
net.ipv4.ip_forward=1
Setting the values below to 0 or 1 has no effect on the iptables
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ipv6tables=1
net.bridge.bridge-nf-call-ipv4tables=1
networking iptables bridge
networking iptables bridge
edited Jul 2 '15 at 14:37
G-Man
13.3k93566
13.3k93566
asked Jul 2 '15 at 13:58
AlbertKAlbertK
161
161
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Your bridge isn't routing traffic, so there's nothing to go through the POSTROUTING
rule.
See the netfilter documentation for bridge-netfilter for details and a method to change this configuration (kernel 3.2.0):
modprobe bridge # Enable bridge-netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f213542%2fbridge-and-iptables-postrouting%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your bridge isn't routing traffic, so there's nothing to go through the POSTROUTING
rule.
See the netfilter documentation for bridge-netfilter for details and a method to change this configuration (kernel 3.2.0):
modprobe bridge # Enable bridge-netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
add a comment |
Your bridge isn't routing traffic, so there's nothing to go through the POSTROUTING
rule.
See the netfilter documentation for bridge-netfilter for details and a method to change this configuration (kernel 3.2.0):
modprobe bridge # Enable bridge-netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
add a comment |
Your bridge isn't routing traffic, so there's nothing to go through the POSTROUTING
rule.
See the netfilter documentation for bridge-netfilter for details and a method to change this configuration (kernel 3.2.0):
modprobe bridge # Enable bridge-netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
Your bridge isn't routing traffic, so there's nothing to go through the POSTROUTING
rule.
See the netfilter documentation for bridge-netfilter for details and a method to change this configuration (kernel 3.2.0):
modprobe bridge # Enable bridge-netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
answered Jul 2 '15 at 17:01
roaimaroaima
45.1k756123
45.1k756123
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
add a comment |
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
I have the above statement in the system but still no traffic going through the postrouting rule. I am sure that traffic is flowing through the bridge as I am accessing and posting this from the machine attached to the eth2 NIC (LAN facing) of the bridge.
– AlbertK
Jul 3 '15 at 11:01
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f213542%2fbridge-and-iptables-postrouting%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown