[CentOS] A bridge problem

Mon Jun 13 19:34:48 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

Robert Spangler wrote:
> On Monday 13 June 2011 14:02, the following was written:
>
>> We just went to replace the bridge/firewall services on one server
>> with the same on another. It's pretty simple, and I literally cloned (w/
>> rsync) a third server that does this onto the one that will be the new
>> one. Then copied the /etc/sysconfig/iptables from the one being
>> replaced, and brought it up this morning.
>>
>> Nope. We had to put everything back the way it was.
>>
>> The new one sees the two or three servers behind the firewall, and we
>> can ping them, from the new box. On one, we see IPP broadcasts; in fact,
>> we see lots of broadcast packets using tcpdump. From outside, though,
>> you can't see the servers. Trying to ping them, they see nothing. It
>> seems to be the case that tcp and icmp packets are blocked, and we
>> can't figure out why.
>
> Is the firewall IP or port based or a combo of both?
> Is the firewall set up on the bridge interface or on each individual server
> interface, i.e., eth0, eth1, etc.?

Not sure how to answer that. I'd say it's on the external interface.
>
> What does ifconfig show you? Are all the interfaces started? Do the DHCP
> interfaces receive a DHCP address?

Yep. And route shows *only* br3, and when I restart the network br3 brings
up eth0 and eth1.

        mark